github.com/aavshr/aws-sdk-go@v1.41.3/service/organizations/api.go (about)

     1  // Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
     2  
     3  package organizations
     4  
     5  import (
     6  	"fmt"
     7  	"time"
     8  
     9  	"github.com/aavshr/aws-sdk-go/aws"
    10  	"github.com/aavshr/aws-sdk-go/aws/awsutil"
    11  	"github.com/aavshr/aws-sdk-go/aws/request"
    12  	"github.com/aavshr/aws-sdk-go/private/protocol"
    13  	"github.com/aavshr/aws-sdk-go/private/protocol/jsonrpc"
    14  )
    15  
    16  const opAcceptHandshake = "AcceptHandshake"
    17  
    18  // AcceptHandshakeRequest generates a "aws/request.Request" representing the
    19  // client's request for the AcceptHandshake operation. The "output" return
    20  // value will be populated with the request's response once the request completes
    21  // successfully.
    22  //
    23  // Use "Send" method on the returned Request to send the API call to the service.
    24  // the "output" return value is not valid until after Send returns without error.
    25  //
    26  // See AcceptHandshake for more information on using the AcceptHandshake
    27  // API call, and error handling.
    28  //
    29  // This method is useful when you want to inject custom logic or configuration
    30  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
    31  //
    32  //
    33  //    // Example sending a request using the AcceptHandshakeRequest method.
    34  //    req, resp := client.AcceptHandshakeRequest(params)
    35  //
    36  //    err := req.Send()
    37  //    if err == nil { // resp is now filled
    38  //        fmt.Println(resp)
    39  //    }
    40  //
    41  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
    42  func (c *Organizations) AcceptHandshakeRequest(input *AcceptHandshakeInput) (req *request.Request, output *AcceptHandshakeOutput) {
    43  	op := &request.Operation{
    44  		Name:       opAcceptHandshake,
    45  		HTTPMethod: "POST",
    46  		HTTPPath:   "/",
    47  	}
    48  
    49  	if input == nil {
    50  		input = &AcceptHandshakeInput{}
    51  	}
    52  
    53  	output = &AcceptHandshakeOutput{}
    54  	req = c.newRequest(op, input, output)
    55  	return
    56  }
    57  
    58  // AcceptHandshake API operation for AWS Organizations.
    59  //
    60  // Sends a response to the originator of a handshake agreeing to the action
    61  // proposed by the handshake request.
    62  //
    63  // This operation can be called only by the following principals when they also
    64  // have the relevant IAM permissions:
    65  //
    66  //    * Invitation to join or Approve all features request handshakes: only
    67  //    a principal from the member account. The user who calls the API for an
    68  //    invitation to join must have the organizations:AcceptHandshake permission.
    69  //    If you enabled all features in the organization, the user must also have
    70  //    the iam:CreateServiceLinkedRole permission so that AWS Organizations can
    71  //    create the required service-linked role named AWSServiceRoleForOrganizations.
    72  //    For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integration_services.html#orgs_integration_service-linked-roles)
    73  //    in the AWS Organizations User Guide.
    74  //
    75  //    * Enable all features final confirmation handshake: only a principal from
    76  //    the management account. For more information about invitations, see Inviting
    77  //    an AWS Account to Join Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html)
    78  //    in the AWS Organizations User Guide. For more information about requests
    79  //    to enable all features in the organization, see Enabling All Features
    80  //    in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
    81  //    in the AWS Organizations User Guide.
    82  //
    83  // After you accept a handshake, it continues to appear in the results of relevant
    84  // APIs for only 30 days. After that, it's deleted.
    85  //
    86  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
    87  // with awserr.Error's Code and Message methods to get detailed information about
    88  // the error.
    89  //
    90  // See the AWS API reference guide for AWS Organizations's
    91  // API operation AcceptHandshake for usage and error information.
    92  //
    93  // Returned Error Types:
    94  //   * AccessDeniedException
    95  //   You don't have permissions to perform the requested operation. The user or
    96  //   role that is making the request must have at least one IAM permissions policy
    97  //   attached that grants the required permissions. For more information, see
    98  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
    99  //   in the IAM User Guide.
   100  //
   101  //   * AWSOrganizationsNotInUseException
   102  //   Your account isn't a member of an organization. To make this request, you
   103  //   must use the credentials of an account that belongs to an organization.
   104  //
   105  //   * HandshakeConstraintViolationException
   106  //   The requested operation would violate the constraint identified in the reason
   107  //   code.
   108  //
   109  //   Some of the reasons in the following list might not be applicable to this
   110  //   specific API or operation:
   111  //
   112  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
   113  //      the number of accounts in an organization. Note that deleted and closed
   114  //      accounts still count toward your limit. If you get this exception immediately
   115  //      after creating the organization, wait one hour and try again. If after
   116  //      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
   117  //
   118  //      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
   119  //      the invited account is already a member of an organization.
   120  //
   121  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
   122  //      handshakes that you can send in one day.
   123  //
   124  //      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
   125  //      to join an organization while it's in the process of enabling all features.
   126  //      You can resume inviting accounts after you finalize the process when all
   127  //      accounts have agreed to the change.
   128  //
   129  //      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
   130  //      because the organization has already enabled all features.
   131  //
   132  //      * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
   133  //      request is invalid because the organization has already started the process
   134  //      to enable all features.
   135  //
   136  //      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
   137  //      the account is from a different marketplace than the accounts in the organization.
   138  //      For example, accounts with India addresses must be associated with the
   139  //      AISPL marketplace. All accounts in an organization must be from the same
   140  //      marketplace.
   141  //
   142  //      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
   143  //      change the membership of an account too quickly after its previous change.
   144  //
   145  //      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
   146  //      account that doesn't have a payment instrument, such as a credit card,
   147  //      associated with it.
   148  //
   149  //   * HandshakeNotFoundException
   150  //   We can't find a handshake with the HandshakeId that you specified.
   151  //
   152  //   * InvalidHandshakeTransitionException
   153  //   You can't perform the operation on the handshake in its current state. For
   154  //   example, you can't cancel a handshake that was already accepted or accept
   155  //   a handshake that was already declined.
   156  //
   157  //   * HandshakeAlreadyInStateException
   158  //   The specified handshake is already in the requested state. For example, you
   159  //   can't accept a handshake that was already accepted.
   160  //
   161  //   * InvalidInputException
   162  //   The requested operation failed because you provided invalid values for one
   163  //   or more of the request parameters. This exception includes a reason that
   164  //   contains additional information about the violated limit:
   165  //
   166  //   Some of the reasons in the following list might not be applicable to this
   167  //   specific API or operation.
   168  //
   169  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
   170  //      the same entity.
   171  //
   172  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
   173  //      can't be modified.
   174  //
   175  //      * INPUT_REQUIRED: You must include a value for all required parameters.
   176  //
   177  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
   178  //      for the invited account owner.
   179  //
   180  //      * INVALID_ENUM: You specified an invalid value.
   181  //
   182  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
   183  //
   184  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
   185  //      characters.
   186  //
   187  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
   188  //      at least one invalid value.
   189  //
   190  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
   191  //      from the response to a previous call of the operation.
   192  //
   193  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
   194  //      organization, or email) as a party.
   195  //
   196  //      * INVALID_PATTERN: You provided a value that doesn't match the required
   197  //      pattern.
   198  //
   199  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
   200  //      match the required pattern.
   201  //
   202  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
   203  //      name can't begin with the reserved prefix AWSServiceRoleFor.
   204  //
   205  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
   206  //      Name (ARN) for the organization.
   207  //
   208  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
   209  //
   210  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
   211  //      tag. You can’t add, edit, or delete system tag keys because they're
   212  //      reserved for AWS use. System tags don’t count against your tags per
   213  //      resource limit.
   214  //
   215  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
   216  //      for the operation.
   217  //
   218  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
   219  //      than allowed.
   220  //
   221  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
   222  //      value than allowed.
   223  //
   224  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
   225  //      than allowed.
   226  //
   227  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
   228  //      value than allowed.
   229  //
   230  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
   231  //      between entities in the same root.
   232  //
   233  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
   234  //      target entity.
   235  //
   236  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
   237  //      isn't recognized.
   238  //
   239  //   * ConcurrentModificationException
   240  //   The target of the operation is currently being modified by a different request.
   241  //   Try again later.
   242  //
   243  //   * ServiceException
   244  //   AWS Organizations can't complete your request because of an internal service
   245  //   error. Try again later.
   246  //
   247  //   * TooManyRequestsException
   248  //   You have sent too many requests in too short a period of time. The quota
   249  //   helps protect against denial-of-service attacks. Try again later.
   250  //
   251  //   For information about quotas that affect AWS Organizations, see Quotas for
   252  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
   253  //   the AWS Organizations User Guide.
   254  //
   255  //   * AccessDeniedForDependencyException
   256  //   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
   257  //   for organizations.amazonaws.com permission so that AWS Organizations can
   258  //   create the required service-linked role. You don't have that permission.
   259  //
   260  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AcceptHandshake
   261  func (c *Organizations) AcceptHandshake(input *AcceptHandshakeInput) (*AcceptHandshakeOutput, error) {
   262  	req, out := c.AcceptHandshakeRequest(input)
   263  	return out, req.Send()
   264  }
   265  
   266  // AcceptHandshakeWithContext is the same as AcceptHandshake with the addition of
   267  // the ability to pass a context and additional request options.
   268  //
   269  // See AcceptHandshake for details on how to use this API operation.
   270  //
   271  // The context must be non-nil and will be used for request cancellation. If
   272  // the context is nil a panic will occur. In the future the SDK may create
   273  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
   274  // for more information on using Contexts.
   275  func (c *Organizations) AcceptHandshakeWithContext(ctx aws.Context, input *AcceptHandshakeInput, opts ...request.Option) (*AcceptHandshakeOutput, error) {
   276  	req, out := c.AcceptHandshakeRequest(input)
   277  	req.SetContext(ctx)
   278  	req.ApplyOptions(opts...)
   279  	return out, req.Send()
   280  }
   281  
   282  const opAttachPolicy = "AttachPolicy"
   283  
   284  // AttachPolicyRequest generates a "aws/request.Request" representing the
   285  // client's request for the AttachPolicy operation. The "output" return
   286  // value will be populated with the request's response once the request completes
   287  // successfully.
   288  //
   289  // Use "Send" method on the returned Request to send the API call to the service.
   290  // the "output" return value is not valid until after Send returns without error.
   291  //
   292  // See AttachPolicy for more information on using the AttachPolicy
   293  // API call, and error handling.
   294  //
   295  // This method is useful when you want to inject custom logic or configuration
   296  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
   297  //
   298  //
   299  //    // Example sending a request using the AttachPolicyRequest method.
   300  //    req, resp := client.AttachPolicyRequest(params)
   301  //
   302  //    err := req.Send()
   303  //    if err == nil { // resp is now filled
   304  //        fmt.Println(resp)
   305  //    }
   306  //
   307  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
   308  func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *request.Request, output *AttachPolicyOutput) {
   309  	op := &request.Operation{
   310  		Name:       opAttachPolicy,
   311  		HTTPMethod: "POST",
   312  		HTTPPath:   "/",
   313  	}
   314  
   315  	if input == nil {
   316  		input = &AttachPolicyInput{}
   317  	}
   318  
   319  	output = &AttachPolicyOutput{}
   320  	req = c.newRequest(op, input, output)
   321  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
   322  	return
   323  }
   324  
   325  // AttachPolicy API operation for AWS Organizations.
   326  //
   327  // Attaches a policy to a root, an organizational unit (OU), or an individual
   328  // account. How the policy affects accounts depends on the type of policy. Refer
   329  // to the AWS Organizations User Guide for information about each policy type:
   330  //
   331  //    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
   332  //
   333  //    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
   334  //
   335  //    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
   336  //
   337  //    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
   338  //
   339  // This operation can be called only from the organization's management account.
   340  //
   341  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
   342  // with awserr.Error's Code and Message methods to get detailed information about
   343  // the error.
   344  //
   345  // See the AWS API reference guide for AWS Organizations's
   346  // API operation AttachPolicy for usage and error information.
   347  //
   348  // Returned Error Types:
   349  //   * AccessDeniedException
   350  //   You don't have permissions to perform the requested operation. The user or
   351  //   role that is making the request must have at least one IAM permissions policy
   352  //   attached that grants the required permissions. For more information, see
   353  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
   354  //   in the IAM User Guide.
   355  //
   356  //   * AWSOrganizationsNotInUseException
   357  //   Your account isn't a member of an organization. To make this request, you
   358  //   must use the credentials of an account that belongs to an organization.
   359  //
   360  //   * ConcurrentModificationException
   361  //   The target of the operation is currently being modified by a different request.
   362  //   Try again later.
   363  //
   364  //   * ConstraintViolationException
   365  //   Performing this operation violates a minimum or maximum value limit. For
   366  //   example, attempting to remove the last service control policy (SCP) from
   367  //   an OU or root, inviting or creating too many accounts to the organization,
   368  //   or attaching too many policies to an account, OU, or root. This exception
   369  //   includes a reason that contains additional information about the violated
   370  //   limit:
   371  //
   372  //   Some of the reasons in the following list might not be applicable to this
   373  //   specific API or operation.
   374  //
   375  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
   376  //      account from the organization. You can't remove the management account.
   377  //      Instead, after you remove all member accounts, delete the organization
   378  //      itself.
   379  //
   380  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
   381  //      from the organization that doesn't yet have enough information to exist
   382  //      as a standalone account. This account requires you to first agree to the
   383  //      AWS Customer Agreement. Follow the steps at Removing a member account
   384  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
   385  //      the AWS Organizations User Guide.
   386  //
   387  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
   388  //      an account from the organization that doesn't yet have enough information
   389  //      to exist as a standalone account. This account requires you to first complete
   390  //      phone verification. Follow the steps at Removing a member account from
   391  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
   392  //      in the AWS Organizations User Guide.
   393  //
   394  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
   395  //      of accounts that you can create in one day.
   396  //
   397  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
   398  //      the number of accounts in an organization. If you need more accounts,
   399  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
   400  //      request an increase in your limit. Or the number of invitations that you
   401  //      tried to send would cause you to exceed the limit of accounts in your
   402  //      organization. Send fewer invitations or contact AWS Support to request
   403  //      an increase in the number of accounts. Deleted and closed accounts still
   404  //      count toward your limit. If you get this exception when running a command
   405  //      immediately after creating the organization, wait one hour and try again.
   406  //      After an hour, if the command continues to fail with this error, contact
   407  //      AWS Support (https://console.aws.amazon.com/support/home#/).
   408  //
   409  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
   410  //      register the management account of the organization as a delegated administrator
   411  //      for an AWS service integrated with Organizations. You can designate only
   412  //      a member account as a delegated administrator.
   413  //
   414  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
   415  //      an account that is registered as a delegated administrator for a service
   416  //      integrated with your organization. To complete this operation, you must
   417  //      first deregister this account as a delegated administrator.
   418  //
   419  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
   420  //      organization in the specified region, you must enable all features mode.
   421  //
   422  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
   423  //      an AWS account as a delegated administrator for an AWS service that already
   424  //      has a delegated administrator. To complete this operation, you must first
   425  //      deregister any existing delegated administrators for this service.
   426  //
   427  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
   428  //      valid for a limited period of time. You must resubmit the request and
   429  //      generate a new verfication code.
   430  //
   431  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
   432  //      handshakes that you can send in one day.
   433  //
   434  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
   435  //      in this organization, you first must migrate the organization's management
   436  //      account to the marketplace that corresponds to the management account's
   437  //      address. For example, accounts with India addresses must be associated
   438  //      with the AISPL marketplace. All accounts in an organization must be associated
   439  //      with the same marketplace.
   440  //
   441  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
   442  //      in China. To create an organization, the master must have a valid business
   443  //      license. For more information, contact customer support.
   444  //
   445  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
   446  //      must first provide a valid contact address and phone number for the management
   447  //      account. Then try the operation again.
   448  //
   449  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
   450  //      management account must have an associated account in the AWS GovCloud
   451  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
   452  //      in the AWS GovCloud User Guide.
   453  //
   454  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
   455  //      with this management account, you first must associate a valid payment
   456  //      instrument, such as a credit card, with the account. Follow the steps
   457  //      at To leave an organization when all required account information has
   458  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
   459  //      in the AWS Organizations User Guide.
   460  //
   461  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
   462  //      to register more delegated administrators than allowed for the service
   463  //      principal.
   464  //
   465  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
   466  //      number of policies of a certain type that can be attached to an entity
   467  //      at one time.
   468  //
   469  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
   470  //      on this resource.
   471  //
   472  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
   473  //      with this member account, you first must associate a valid payment instrument,
   474  //      such as a credit card, with the account. Follow the steps at To leave
   475  //      an organization when all required account information has not yet been
   476  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
   477  //      in the AWS Organizations User Guide.
   478  //
   479  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
   480  //      policy from an entity that would cause the entity to have fewer than the
   481  //      minimum number of policies of a certain type required.
   482  //
   483  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
   484  //      that requires the organization to be configured to support all features.
   485  //      An organization that supports only consolidated billing features can't
   486  //      perform this operation.
   487  //
   488  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
   489  //      too many levels deep.
   490  //
   491  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
   492  //      that you can have in an organization.
   493  //
   494  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
   495  //      is larger than the maximum size.
   496  //
   497  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
   498  //      policies that you can have in an organization.
   499  //
   500  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
   501  //      tags that are not compliant with the tag policy requirements for this
   502  //      account.
   503  //
   504  //   * DuplicatePolicyAttachmentException
   505  //   The selected policy is already attached to the specified target.
   506  //
   507  //   * InvalidInputException
   508  //   The requested operation failed because you provided invalid values for one
   509  //   or more of the request parameters. This exception includes a reason that
   510  //   contains additional information about the violated limit:
   511  //
   512  //   Some of the reasons in the following list might not be applicable to this
   513  //   specific API or operation.
   514  //
   515  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
   516  //      the same entity.
   517  //
   518  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
   519  //      can't be modified.
   520  //
   521  //      * INPUT_REQUIRED: You must include a value for all required parameters.
   522  //
   523  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
   524  //      for the invited account owner.
   525  //
   526  //      * INVALID_ENUM: You specified an invalid value.
   527  //
   528  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
   529  //
   530  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
   531  //      characters.
   532  //
   533  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
   534  //      at least one invalid value.
   535  //
   536  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
   537  //      from the response to a previous call of the operation.
   538  //
   539  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
   540  //      organization, or email) as a party.
   541  //
   542  //      * INVALID_PATTERN: You provided a value that doesn't match the required
   543  //      pattern.
   544  //
   545  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
   546  //      match the required pattern.
   547  //
   548  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
   549  //      name can't begin with the reserved prefix AWSServiceRoleFor.
   550  //
   551  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
   552  //      Name (ARN) for the organization.
   553  //
   554  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
   555  //
   556  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
   557  //      tag. You can’t add, edit, or delete system tag keys because they're
   558  //      reserved for AWS use. System tags don’t count against your tags per
   559  //      resource limit.
   560  //
   561  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
   562  //      for the operation.
   563  //
   564  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
   565  //      than allowed.
   566  //
   567  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
   568  //      value than allowed.
   569  //
   570  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
   571  //      than allowed.
   572  //
   573  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
   574  //      value than allowed.
   575  //
   576  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
   577  //      between entities in the same root.
   578  //
   579  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
   580  //      target entity.
   581  //
   582  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
   583  //      isn't recognized.
   584  //
   585  //   * PolicyNotFoundException
   586  //   We can't find a policy with the PolicyId that you specified.
   587  //
   588  //   * PolicyTypeNotEnabledException
   589  //   The specified policy type isn't currently enabled in this root. You can't
   590  //   attach policies of the specified type to entities in a root until you enable
   591  //   that type in the root. For more information, see Enabling All Features in
   592  //   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
   593  //   in the AWS Organizations User Guide.
   594  //
   595  //   * ServiceException
   596  //   AWS Organizations can't complete your request because of an internal service
   597  //   error. Try again later.
   598  //
   599  //   * TargetNotFoundException
   600  //   We can't find a root, OU, account, or policy with the TargetId that you specified.
   601  //
   602  //   * TooManyRequestsException
   603  //   You have sent too many requests in too short a period of time. The quota
   604  //   helps protect against denial-of-service attacks. Try again later.
   605  //
   606  //   For information about quotas that affect AWS Organizations, see Quotas for
   607  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
   608  //   the AWS Organizations User Guide.
   609  //
   610  //   * UnsupportedAPIEndpointException
   611  //   This action isn't available in the current AWS Region.
   612  //
   613  //   * PolicyChangesInProgressException
   614  //   Changes to the effective policy are in progress, and its contents can't be
   615  //   returned. Try the operation again later.
   616  //
   617  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/AttachPolicy
   618  func (c *Organizations) AttachPolicy(input *AttachPolicyInput) (*AttachPolicyOutput, error) {
   619  	req, out := c.AttachPolicyRequest(input)
   620  	return out, req.Send()
   621  }
   622  
   623  // AttachPolicyWithContext is the same as AttachPolicy with the addition of
   624  // the ability to pass a context and additional request options.
   625  //
   626  // See AttachPolicy for details on how to use this API operation.
   627  //
   628  // The context must be non-nil and will be used for request cancellation. If
   629  // the context is nil a panic will occur. In the future the SDK may create
   630  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
   631  // for more information on using Contexts.
   632  func (c *Organizations) AttachPolicyWithContext(ctx aws.Context, input *AttachPolicyInput, opts ...request.Option) (*AttachPolicyOutput, error) {
   633  	req, out := c.AttachPolicyRequest(input)
   634  	req.SetContext(ctx)
   635  	req.ApplyOptions(opts...)
   636  	return out, req.Send()
   637  }
   638  
   639  const opCancelHandshake = "CancelHandshake"
   640  
   641  // CancelHandshakeRequest generates a "aws/request.Request" representing the
   642  // client's request for the CancelHandshake operation. The "output" return
   643  // value will be populated with the request's response once the request completes
   644  // successfully.
   645  //
   646  // Use "Send" method on the returned Request to send the API call to the service.
   647  // the "output" return value is not valid until after Send returns without error.
   648  //
   649  // See CancelHandshake for more information on using the CancelHandshake
   650  // API call, and error handling.
   651  //
   652  // This method is useful when you want to inject custom logic or configuration
   653  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
   654  //
   655  //
   656  //    // Example sending a request using the CancelHandshakeRequest method.
   657  //    req, resp := client.CancelHandshakeRequest(params)
   658  //
   659  //    err := req.Send()
   660  //    if err == nil { // resp is now filled
   661  //        fmt.Println(resp)
   662  //    }
   663  //
   664  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
   665  func (c *Organizations) CancelHandshakeRequest(input *CancelHandshakeInput) (req *request.Request, output *CancelHandshakeOutput) {
   666  	op := &request.Operation{
   667  		Name:       opCancelHandshake,
   668  		HTTPMethod: "POST",
   669  		HTTPPath:   "/",
   670  	}
   671  
   672  	if input == nil {
   673  		input = &CancelHandshakeInput{}
   674  	}
   675  
   676  	output = &CancelHandshakeOutput{}
   677  	req = c.newRequest(op, input, output)
   678  	return
   679  }
   680  
   681  // CancelHandshake API operation for AWS Organizations.
   682  //
   683  // Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
   684  //
   685  // This operation can be called only from the account that originated the handshake.
   686  // The recipient of the handshake can't cancel it, but can use DeclineHandshake
   687  // instead. After a handshake is canceled, the recipient can no longer respond
   688  // to that handshake.
   689  //
   690  // After you cancel a handshake, it continues to appear in the results of relevant
   691  // APIs for only 30 days. After that, it's deleted.
   692  //
   693  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
   694  // with awserr.Error's Code and Message methods to get detailed information about
   695  // the error.
   696  //
   697  // See the AWS API reference guide for AWS Organizations's
   698  // API operation CancelHandshake for usage and error information.
   699  //
   700  // Returned Error Types:
   701  //   * AccessDeniedException
   702  //   You don't have permissions to perform the requested operation. The user or
   703  //   role that is making the request must have at least one IAM permissions policy
   704  //   attached that grants the required permissions. For more information, see
   705  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
   706  //   in the IAM User Guide.
   707  //
   708  //   * ConcurrentModificationException
   709  //   The target of the operation is currently being modified by a different request.
   710  //   Try again later.
   711  //
   712  //   * HandshakeNotFoundException
   713  //   We can't find a handshake with the HandshakeId that you specified.
   714  //
   715  //   * InvalidHandshakeTransitionException
   716  //   You can't perform the operation on the handshake in its current state. For
   717  //   example, you can't cancel a handshake that was already accepted or accept
   718  //   a handshake that was already declined.
   719  //
   720  //   * HandshakeAlreadyInStateException
   721  //   The specified handshake is already in the requested state. For example, you
   722  //   can't accept a handshake that was already accepted.
   723  //
   724  //   * InvalidInputException
   725  //   The requested operation failed because you provided invalid values for one
   726  //   or more of the request parameters. This exception includes a reason that
   727  //   contains additional information about the violated limit:
   728  //
   729  //   Some of the reasons in the following list might not be applicable to this
   730  //   specific API or operation.
   731  //
   732  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
   733  //      the same entity.
   734  //
   735  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
   736  //      can't be modified.
   737  //
   738  //      * INPUT_REQUIRED: You must include a value for all required parameters.
   739  //
   740  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
   741  //      for the invited account owner.
   742  //
   743  //      * INVALID_ENUM: You specified an invalid value.
   744  //
   745  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
   746  //
   747  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
   748  //      characters.
   749  //
   750  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
   751  //      at least one invalid value.
   752  //
   753  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
   754  //      from the response to a previous call of the operation.
   755  //
   756  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
   757  //      organization, or email) as a party.
   758  //
   759  //      * INVALID_PATTERN: You provided a value that doesn't match the required
   760  //      pattern.
   761  //
   762  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
   763  //      match the required pattern.
   764  //
   765  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
   766  //      name can't begin with the reserved prefix AWSServiceRoleFor.
   767  //
   768  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
   769  //      Name (ARN) for the organization.
   770  //
   771  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
   772  //
   773  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
   774  //      tag. You can’t add, edit, or delete system tag keys because they're
   775  //      reserved for AWS use. System tags don’t count against your tags per
   776  //      resource limit.
   777  //
   778  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
   779  //      for the operation.
   780  //
   781  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
   782  //      than allowed.
   783  //
   784  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
   785  //      value than allowed.
   786  //
   787  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
   788  //      than allowed.
   789  //
   790  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
   791  //      value than allowed.
   792  //
   793  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
   794  //      between entities in the same root.
   795  //
   796  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
   797  //      target entity.
   798  //
   799  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
   800  //      isn't recognized.
   801  //
   802  //   * ServiceException
   803  //   AWS Organizations can't complete your request because of an internal service
   804  //   error. Try again later.
   805  //
   806  //   * TooManyRequestsException
   807  //   You have sent too many requests in too short a period of time. The quota
   808  //   helps protect against denial-of-service attacks. Try again later.
   809  //
   810  //   For information about quotas that affect AWS Organizations, see Quotas for
   811  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
   812  //   the AWS Organizations User Guide.
   813  //
   814  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CancelHandshake
   815  func (c *Organizations) CancelHandshake(input *CancelHandshakeInput) (*CancelHandshakeOutput, error) {
   816  	req, out := c.CancelHandshakeRequest(input)
   817  	return out, req.Send()
   818  }
   819  
   820  // CancelHandshakeWithContext is the same as CancelHandshake with the addition of
   821  // the ability to pass a context and additional request options.
   822  //
   823  // See CancelHandshake for details on how to use this API operation.
   824  //
   825  // The context must be non-nil and will be used for request cancellation. If
   826  // the context is nil a panic will occur. In the future the SDK may create
   827  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
   828  // for more information on using Contexts.
   829  func (c *Organizations) CancelHandshakeWithContext(ctx aws.Context, input *CancelHandshakeInput, opts ...request.Option) (*CancelHandshakeOutput, error) {
   830  	req, out := c.CancelHandshakeRequest(input)
   831  	req.SetContext(ctx)
   832  	req.ApplyOptions(opts...)
   833  	return out, req.Send()
   834  }
   835  
   836  const opCreateAccount = "CreateAccount"
   837  
   838  // CreateAccountRequest generates a "aws/request.Request" representing the
   839  // client's request for the CreateAccount operation. The "output" return
   840  // value will be populated with the request's response once the request completes
   841  // successfully.
   842  //
   843  // Use "Send" method on the returned Request to send the API call to the service.
   844  // the "output" return value is not valid until after Send returns without error.
   845  //
   846  // See CreateAccount for more information on using the CreateAccount
   847  // API call, and error handling.
   848  //
   849  // This method is useful when you want to inject custom logic or configuration
   850  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
   851  //
   852  //
   853  //    // Example sending a request using the CreateAccountRequest method.
   854  //    req, resp := client.CreateAccountRequest(params)
   855  //
   856  //    err := req.Send()
   857  //    if err == nil { // resp is now filled
   858  //        fmt.Println(resp)
   859  //    }
   860  //
   861  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
   862  func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *request.Request, output *CreateAccountOutput) {
   863  	op := &request.Operation{
   864  		Name:       opCreateAccount,
   865  		HTTPMethod: "POST",
   866  		HTTPPath:   "/",
   867  	}
   868  
   869  	if input == nil {
   870  		input = &CreateAccountInput{}
   871  	}
   872  
   873  	output = &CreateAccountOutput{}
   874  	req = c.newRequest(op, input, output)
   875  	return
   876  }
   877  
   878  // CreateAccount API operation for AWS Organizations.
   879  //
   880  // Creates an AWS account that is automatically a member of the organization
   881  // whose credentials made the request. This is an asynchronous request that
   882  // AWS performs in the background. Because CreateAccount operates asynchronously,
   883  // it can return a successful completion message even though account initialization
   884  // might still be in progress. You might need to wait a few minutes before you
   885  // can successfully access the account. To check the status of the request,
   886  // do one of the following:
   887  //
   888  //    * Use the Id member of the CreateAccountStatus response element from this
   889  //    operation to provide as a parameter to the DescribeCreateAccountStatus
   890  //    operation.
   891  //
   892  //    * Check the AWS CloudTrail log for the CreateAccountResult event. For
   893  //    information on using AWS CloudTrail with AWS Organizations, see Logging
   894  //    and monitoring in AWS Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration)
   895  //    in the AWS Organizations User Guide.
   896  //
   897  // The user who calls the API to create an account must have the organizations:CreateAccount
   898  // permission. If you enabled all features in the organization, AWS Organizations
   899  // creates the required service-linked role named AWSServiceRoleForOrganizations.
   900  // For more information, see AWS Organizations and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
   901  // in the AWS Organizations User Guide.
   902  //
   903  // If the request includes tags, then the requester must have the organizations:TagResource
   904  // permission.
   905  //
   906  // AWS Organizations preconfigures the new member account with a role (named
   907  // OrganizationAccountAccessRole by default) that grants users in the management
   908  // account administrator permissions in the new member account. Principals in
   909  // the management account can assume the role. AWS Organizations clones the
   910  // company name and address information for the new account from the organization's
   911  // management account.
   912  //
   913  // This operation can be called only from the organization's management account.
   914  //
   915  // For more information about creating accounts, see Creating an AWS Account
   916  // in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
   917  // in the AWS Organizations User Guide.
   918  //
   919  //    * When you create an account in an organization using the AWS Organizations
   920  //    console, API, or CLI commands, the information required for the account
   921  //    to operate as a standalone account, such as a payment method and signing
   922  //    the end user license agreement (EULA) is not automatically collected.
   923  //    If you must remove an account from your organization later, you can do
   924  //    so only after you provide the missing information. Follow the steps at
   925  //    To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
   926  //    in the AWS Organizations User Guide.
   927  //
   928  //    * If you get an exception that indicates that you exceeded your account
   929  //    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
   930  //
   931  //    * If you get an exception that indicates that the operation failed because
   932  //    your organization is still initializing, wait one hour and then try again.
   933  //    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
   934  //
   935  //    * Using CreateAccount to create multiple temporary accounts isn't recommended.
   936  //    You can only close an account from the Billing and Cost Management Console,
   937  //    and you must be signed in as the root user. For information on the requirements
   938  //    and process for closing an account, see Closing an AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
   939  //    in the AWS Organizations User Guide.
   940  //
   941  // When you create a member account with this operation, you can choose whether
   942  // to create the account with the IAM User and Role Access to Billing Information
   943  // switch enabled. If you enable it, IAM users and roles that have appropriate
   944  // permissions can view billing information for the account. If you disable
   945  // it, only the account root user can access billing information. For information
   946  // about how to disable this switch for an account, see Granting Access to Your
   947  // Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
   948  //
   949  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
   950  // with awserr.Error's Code and Message methods to get detailed information about
   951  // the error.
   952  //
   953  // See the AWS API reference guide for AWS Organizations's
   954  // API operation CreateAccount for usage and error information.
   955  //
   956  // Returned Error Types:
   957  //   * AccessDeniedException
   958  //   You don't have permissions to perform the requested operation. The user or
   959  //   role that is making the request must have at least one IAM permissions policy
   960  //   attached that grants the required permissions. For more information, see
   961  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
   962  //   in the IAM User Guide.
   963  //
   964  //   * AWSOrganizationsNotInUseException
   965  //   Your account isn't a member of an organization. To make this request, you
   966  //   must use the credentials of an account that belongs to an organization.
   967  //
   968  //   * ConcurrentModificationException
   969  //   The target of the operation is currently being modified by a different request.
   970  //   Try again later.
   971  //
   972  //   * ConstraintViolationException
   973  //   Performing this operation violates a minimum or maximum value limit. For
   974  //   example, attempting to remove the last service control policy (SCP) from
   975  //   an OU or root, inviting or creating too many accounts to the organization,
   976  //   or attaching too many policies to an account, OU, or root. This exception
   977  //   includes a reason that contains additional information about the violated
   978  //   limit:
   979  //
   980  //   Some of the reasons in the following list might not be applicable to this
   981  //   specific API or operation.
   982  //
   983  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
   984  //      account from the organization. You can't remove the management account.
   985  //      Instead, after you remove all member accounts, delete the organization
   986  //      itself.
   987  //
   988  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
   989  //      from the organization that doesn't yet have enough information to exist
   990  //      as a standalone account. This account requires you to first agree to the
   991  //      AWS Customer Agreement. Follow the steps at Removing a member account
   992  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
   993  //      the AWS Organizations User Guide.
   994  //
   995  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
   996  //      an account from the organization that doesn't yet have enough information
   997  //      to exist as a standalone account. This account requires you to first complete
   998  //      phone verification. Follow the steps at Removing a member account from
   999  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  1000  //      in the AWS Organizations User Guide.
  1001  //
  1002  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  1003  //      of accounts that you can create in one day.
  1004  //
  1005  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  1006  //      the number of accounts in an organization. If you need more accounts,
  1007  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  1008  //      request an increase in your limit. Or the number of invitations that you
  1009  //      tried to send would cause you to exceed the limit of accounts in your
  1010  //      organization. Send fewer invitations or contact AWS Support to request
  1011  //      an increase in the number of accounts. Deleted and closed accounts still
  1012  //      count toward your limit. If you get this exception when running a command
  1013  //      immediately after creating the organization, wait one hour and try again.
  1014  //      After an hour, if the command continues to fail with this error, contact
  1015  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  1016  //
  1017  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  1018  //      register the management account of the organization as a delegated administrator
  1019  //      for an AWS service integrated with Organizations. You can designate only
  1020  //      a member account as a delegated administrator.
  1021  //
  1022  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  1023  //      an account that is registered as a delegated administrator for a service
  1024  //      integrated with your organization. To complete this operation, you must
  1025  //      first deregister this account as a delegated administrator.
  1026  //
  1027  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  1028  //      organization in the specified region, you must enable all features mode.
  1029  //
  1030  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  1031  //      an AWS account as a delegated administrator for an AWS service that already
  1032  //      has a delegated administrator. To complete this operation, you must first
  1033  //      deregister any existing delegated administrators for this service.
  1034  //
  1035  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  1036  //      valid for a limited period of time. You must resubmit the request and
  1037  //      generate a new verfication code.
  1038  //
  1039  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  1040  //      handshakes that you can send in one day.
  1041  //
  1042  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  1043  //      in this organization, you first must migrate the organization's management
  1044  //      account to the marketplace that corresponds to the management account's
  1045  //      address. For example, accounts with India addresses must be associated
  1046  //      with the AISPL marketplace. All accounts in an organization must be associated
  1047  //      with the same marketplace.
  1048  //
  1049  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  1050  //      in China. To create an organization, the master must have a valid business
  1051  //      license. For more information, contact customer support.
  1052  //
  1053  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  1054  //      must first provide a valid contact address and phone number for the management
  1055  //      account. Then try the operation again.
  1056  //
  1057  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  1058  //      management account must have an associated account in the AWS GovCloud
  1059  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  1060  //      in the AWS GovCloud User Guide.
  1061  //
  1062  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  1063  //      with this management account, you first must associate a valid payment
  1064  //      instrument, such as a credit card, with the account. Follow the steps
  1065  //      at To leave an organization when all required account information has
  1066  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  1067  //      in the AWS Organizations User Guide.
  1068  //
  1069  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  1070  //      to register more delegated administrators than allowed for the service
  1071  //      principal.
  1072  //
  1073  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  1074  //      number of policies of a certain type that can be attached to an entity
  1075  //      at one time.
  1076  //
  1077  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  1078  //      on this resource.
  1079  //
  1080  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  1081  //      with this member account, you first must associate a valid payment instrument,
  1082  //      such as a credit card, with the account. Follow the steps at To leave
  1083  //      an organization when all required account information has not yet been
  1084  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  1085  //      in the AWS Organizations User Guide.
  1086  //
  1087  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  1088  //      policy from an entity that would cause the entity to have fewer than the
  1089  //      minimum number of policies of a certain type required.
  1090  //
  1091  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  1092  //      that requires the organization to be configured to support all features.
  1093  //      An organization that supports only consolidated billing features can't
  1094  //      perform this operation.
  1095  //
  1096  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  1097  //      too many levels deep.
  1098  //
  1099  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  1100  //      that you can have in an organization.
  1101  //
  1102  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  1103  //      is larger than the maximum size.
  1104  //
  1105  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  1106  //      policies that you can have in an organization.
  1107  //
  1108  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  1109  //      tags that are not compliant with the tag policy requirements for this
  1110  //      account.
  1111  //
  1112  //   * InvalidInputException
  1113  //   The requested operation failed because you provided invalid values for one
  1114  //   or more of the request parameters. This exception includes a reason that
  1115  //   contains additional information about the violated limit:
  1116  //
  1117  //   Some of the reasons in the following list might not be applicable to this
  1118  //   specific API or operation.
  1119  //
  1120  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  1121  //      the same entity.
  1122  //
  1123  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  1124  //      can't be modified.
  1125  //
  1126  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  1127  //
  1128  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  1129  //      for the invited account owner.
  1130  //
  1131  //      * INVALID_ENUM: You specified an invalid value.
  1132  //
  1133  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  1134  //
  1135  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  1136  //      characters.
  1137  //
  1138  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  1139  //      at least one invalid value.
  1140  //
  1141  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  1142  //      from the response to a previous call of the operation.
  1143  //
  1144  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  1145  //      organization, or email) as a party.
  1146  //
  1147  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  1148  //      pattern.
  1149  //
  1150  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  1151  //      match the required pattern.
  1152  //
  1153  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  1154  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  1155  //
  1156  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  1157  //      Name (ARN) for the organization.
  1158  //
  1159  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  1160  //
  1161  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  1162  //      tag. You can’t add, edit, or delete system tag keys because they're
  1163  //      reserved for AWS use. System tags don’t count against your tags per
  1164  //      resource limit.
  1165  //
  1166  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  1167  //      for the operation.
  1168  //
  1169  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  1170  //      than allowed.
  1171  //
  1172  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  1173  //      value than allowed.
  1174  //
  1175  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  1176  //      than allowed.
  1177  //
  1178  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  1179  //      value than allowed.
  1180  //
  1181  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  1182  //      between entities in the same root.
  1183  //
  1184  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  1185  //      target entity.
  1186  //
  1187  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  1188  //      isn't recognized.
  1189  //
  1190  //   * FinalizingOrganizationException
  1191  //   AWS Organizations couldn't perform the operation because your organization
  1192  //   hasn't finished initializing. This can take up to an hour. Try again later.
  1193  //   If after one hour you continue to receive this error, contact AWS Support
  1194  //   (https://console.aws.amazon.com/support/home#/).
  1195  //
  1196  //   * ServiceException
  1197  //   AWS Organizations can't complete your request because of an internal service
  1198  //   error. Try again later.
  1199  //
  1200  //   * TooManyRequestsException
  1201  //   You have sent too many requests in too short a period of time. The quota
  1202  //   helps protect against denial-of-service attacks. Try again later.
  1203  //
  1204  //   For information about quotas that affect AWS Organizations, see Quotas for
  1205  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  1206  //   the AWS Organizations User Guide.
  1207  //
  1208  //   * UnsupportedAPIEndpointException
  1209  //   This action isn't available in the current AWS Region.
  1210  //
  1211  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateAccount
  1212  func (c *Organizations) CreateAccount(input *CreateAccountInput) (*CreateAccountOutput, error) {
  1213  	req, out := c.CreateAccountRequest(input)
  1214  	return out, req.Send()
  1215  }
  1216  
  1217  // CreateAccountWithContext is the same as CreateAccount with the addition of
  1218  // the ability to pass a context and additional request options.
  1219  //
  1220  // See CreateAccount for details on how to use this API operation.
  1221  //
  1222  // The context must be non-nil and will be used for request cancellation. If
  1223  // the context is nil a panic will occur. In the future the SDK may create
  1224  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  1225  // for more information on using Contexts.
  1226  func (c *Organizations) CreateAccountWithContext(ctx aws.Context, input *CreateAccountInput, opts ...request.Option) (*CreateAccountOutput, error) {
  1227  	req, out := c.CreateAccountRequest(input)
  1228  	req.SetContext(ctx)
  1229  	req.ApplyOptions(opts...)
  1230  	return out, req.Send()
  1231  }
  1232  
  1233  const opCreateGovCloudAccount = "CreateGovCloudAccount"
  1234  
  1235  // CreateGovCloudAccountRequest generates a "aws/request.Request" representing the
  1236  // client's request for the CreateGovCloudAccount operation. The "output" return
  1237  // value will be populated with the request's response once the request completes
  1238  // successfully.
  1239  //
  1240  // Use "Send" method on the returned Request to send the API call to the service.
  1241  // the "output" return value is not valid until after Send returns without error.
  1242  //
  1243  // See CreateGovCloudAccount for more information on using the CreateGovCloudAccount
  1244  // API call, and error handling.
  1245  //
  1246  // This method is useful when you want to inject custom logic or configuration
  1247  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  1248  //
  1249  //
  1250  //    // Example sending a request using the CreateGovCloudAccountRequest method.
  1251  //    req, resp := client.CreateGovCloudAccountRequest(params)
  1252  //
  1253  //    err := req.Send()
  1254  //    if err == nil { // resp is now filled
  1255  //        fmt.Println(resp)
  1256  //    }
  1257  //
  1258  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
  1259  func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccountInput) (req *request.Request, output *CreateGovCloudAccountOutput) {
  1260  	op := &request.Operation{
  1261  		Name:       opCreateGovCloudAccount,
  1262  		HTTPMethod: "POST",
  1263  		HTTPPath:   "/",
  1264  	}
  1265  
  1266  	if input == nil {
  1267  		input = &CreateGovCloudAccountInput{}
  1268  	}
  1269  
  1270  	output = &CreateGovCloudAccountOutput{}
  1271  	req = c.newRequest(op, input, output)
  1272  	return
  1273  }
  1274  
  1275  // CreateGovCloudAccount API operation for AWS Organizations.
  1276  //
  1277  // This action is available if all of the following are true:
  1278  //
  1279  //    * You're authorized to create accounts in the AWS GovCloud (US) Region.
  1280  //    For more information on the AWS GovCloud (US) Region, see the AWS GovCloud
  1281  //    User Guide. (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html)
  1282  //
  1283  //    * You already have an account in the AWS GovCloud (US) Region that is
  1284  //    paired with a management account of an organization in the commercial
  1285  //    Region.
  1286  //
  1287  //    * You call this action from the management account of your organization
  1288  //    in the commercial Region.
  1289  //
  1290  //    * You have the organizations:CreateGovCloudAccount permission.
  1291  //
  1292  // AWS Organizations automatically creates the required service-linked role
  1293  // named AWSServiceRoleForOrganizations. For more information, see AWS Organizations
  1294  // and Service-Linked Roles (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html#orgs_integrate_services-using_slrs)
  1295  // in the AWS Organizations User Guide.
  1296  //
  1297  // AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts,
  1298  // but you should also do the following:
  1299  //
  1300  //    * Verify that AWS CloudTrail is enabled to store logs.
  1301  //
  1302  //    * Create an S3 bucket for AWS CloudTrail log storage. For more information,
  1303  //    see Verifying AWS CloudTrail Is Enabled (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/verifying-cloudtrail.html)
  1304  //    in the AWS GovCloud User Guide.
  1305  //
  1306  // If the request includes tags, then the requester must have the organizations:TagResource
  1307  // permission. The tags are attached to the commercial account associated with
  1308  // the GovCloud account, rather than the GovCloud account itself. To add tags
  1309  // to the GovCloud account, call the TagResource operation in the GovCloud Region
  1310  // after the new GovCloud account exists.
  1311  //
  1312  // You call this action from the management account of your organization in
  1313  // the commercial Region to create a standalone AWS account in the AWS GovCloud
  1314  // (US) Region. After the account is created, the management account of an organization
  1315  // in the AWS GovCloud (US) Region can invite it to that organization. For more
  1316  // information on inviting standalone accounts in the AWS GovCloud (US) to join
  1317  // an organization, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  1318  // in the AWS GovCloud User Guide.
  1319  //
  1320  // Calling CreateGovCloudAccount is an asynchronous request that AWS performs
  1321  // in the background. Because CreateGovCloudAccount operates asynchronously,
  1322  // it can return a successful completion message even though account initialization
  1323  // might still be in progress. You might need to wait a few minutes before you
  1324  // can successfully access the account. To check the status of the request,
  1325  // do one of the following:
  1326  //
  1327  //    * Use the OperationId response element from this operation to provide
  1328  //    as a parameter to the DescribeCreateAccountStatus operation.
  1329  //
  1330  //    * Check the AWS CloudTrail log for the CreateAccountResult event. For
  1331  //    information on using AWS CloudTrail with Organizations, see Monitoring
  1332  //    the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
  1333  //    in the AWS Organizations User Guide.
  1334  //
  1335  // When you call the CreateGovCloudAccount action, you create two accounts:
  1336  // a standalone account in the AWS GovCloud (US) Region and an associated account
  1337  // in the commercial Region for billing and support purposes. The account in
  1338  // the commercial Region is automatically a member of the organization whose
  1339  // credentials made the request. Both accounts are associated with the same
  1340  // email address.
  1341  //
  1342  // A role is created in the new account in the commercial Region that allows
  1343  // the management account in the organization in the commercial Region to assume
  1344  // it. An AWS GovCloud (US) account is then created and associated with the
  1345  // commercial account that you just created. A role is also created in the new
  1346  // AWS GovCloud (US) account that can be assumed by the AWS GovCloud (US) account
  1347  // that is associated with the management account of the commercial organization.
  1348  // For more information and to view a diagram that explains how account access
  1349  // works, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  1350  // in the AWS GovCloud User Guide.
  1351  //
  1352  // For more information about creating accounts, see Creating an AWS Account
  1353  // in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html)
  1354  // in the AWS Organizations User Guide.
  1355  //
  1356  //    * When you create an account in an organization using the AWS Organizations
  1357  //    console, API, or CLI commands, the information required for the account
  1358  //    to operate as a standalone account is not automatically collected. This
  1359  //    includes a payment method and signing the end user license agreement (EULA).
  1360  //    If you must remove an account from your organization later, you can do
  1361  //    so only after you provide the missing information. Follow the steps at
  1362  //    To leave an organization as a member account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  1363  //    in the AWS Organizations User Guide.
  1364  //
  1365  //    * If you get an exception that indicates that you exceeded your account
  1366  //    limits for the organization, contact AWS Support (https://console.aws.amazon.com/support/home#/).
  1367  //
  1368  //    * If you get an exception that indicates that the operation failed because
  1369  //    your organization is still initializing, wait one hour and then try again.
  1370  //    If the error persists, contact AWS Support (https://console.aws.amazon.com/support/home#/).
  1371  //
  1372  //    * Using CreateGovCloudAccount to create multiple temporary accounts isn't
  1373  //    recommended. You can only close an account from the AWS Billing and Cost
  1374  //    Management console, and you must be signed in as the root user. For information
  1375  //    on the requirements and process for closing an account, see Closing an
  1376  //    AWS Account (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html)
  1377  //    in the AWS Organizations User Guide.
  1378  //
  1379  // When you create a member account with this operation, you can choose whether
  1380  // to create the account with the IAM User and Role Access to Billing Information
  1381  // switch enabled. If you enable it, IAM users and roles that have appropriate
  1382  // permissions can view billing information for the account. If you disable
  1383  // it, only the account root user can access billing information. For information
  1384  // about how to disable this switch for an account, see Granting Access to Your
  1385  // Billing Information and Tools (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html).
  1386  //
  1387  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  1388  // with awserr.Error's Code and Message methods to get detailed information about
  1389  // the error.
  1390  //
  1391  // See the AWS API reference guide for AWS Organizations's
  1392  // API operation CreateGovCloudAccount for usage and error information.
  1393  //
  1394  // Returned Error Types:
  1395  //   * AccessDeniedException
  1396  //   You don't have permissions to perform the requested operation. The user or
  1397  //   role that is making the request must have at least one IAM permissions policy
  1398  //   attached that grants the required permissions. For more information, see
  1399  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  1400  //   in the IAM User Guide.
  1401  //
  1402  //   * AWSOrganizationsNotInUseException
  1403  //   Your account isn't a member of an organization. To make this request, you
  1404  //   must use the credentials of an account that belongs to an organization.
  1405  //
  1406  //   * ConcurrentModificationException
  1407  //   The target of the operation is currently being modified by a different request.
  1408  //   Try again later.
  1409  //
  1410  //   * ConstraintViolationException
  1411  //   Performing this operation violates a minimum or maximum value limit. For
  1412  //   example, attempting to remove the last service control policy (SCP) from
  1413  //   an OU or root, inviting or creating too many accounts to the organization,
  1414  //   or attaching too many policies to an account, OU, or root. This exception
  1415  //   includes a reason that contains additional information about the violated
  1416  //   limit:
  1417  //
  1418  //   Some of the reasons in the following list might not be applicable to this
  1419  //   specific API or operation.
  1420  //
  1421  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  1422  //      account from the organization. You can't remove the management account.
  1423  //      Instead, after you remove all member accounts, delete the organization
  1424  //      itself.
  1425  //
  1426  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  1427  //      from the organization that doesn't yet have enough information to exist
  1428  //      as a standalone account. This account requires you to first agree to the
  1429  //      AWS Customer Agreement. Follow the steps at Removing a member account
  1430  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  1431  //      the AWS Organizations User Guide.
  1432  //
  1433  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  1434  //      an account from the organization that doesn't yet have enough information
  1435  //      to exist as a standalone account. This account requires you to first complete
  1436  //      phone verification. Follow the steps at Removing a member account from
  1437  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  1438  //      in the AWS Organizations User Guide.
  1439  //
  1440  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  1441  //      of accounts that you can create in one day.
  1442  //
  1443  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  1444  //      the number of accounts in an organization. If you need more accounts,
  1445  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  1446  //      request an increase in your limit. Or the number of invitations that you
  1447  //      tried to send would cause you to exceed the limit of accounts in your
  1448  //      organization. Send fewer invitations or contact AWS Support to request
  1449  //      an increase in the number of accounts. Deleted and closed accounts still
  1450  //      count toward your limit. If you get this exception when running a command
  1451  //      immediately after creating the organization, wait one hour and try again.
  1452  //      After an hour, if the command continues to fail with this error, contact
  1453  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  1454  //
  1455  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  1456  //      register the management account of the organization as a delegated administrator
  1457  //      for an AWS service integrated with Organizations. You can designate only
  1458  //      a member account as a delegated administrator.
  1459  //
  1460  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  1461  //      an account that is registered as a delegated administrator for a service
  1462  //      integrated with your organization. To complete this operation, you must
  1463  //      first deregister this account as a delegated administrator.
  1464  //
  1465  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  1466  //      organization in the specified region, you must enable all features mode.
  1467  //
  1468  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  1469  //      an AWS account as a delegated administrator for an AWS service that already
  1470  //      has a delegated administrator. To complete this operation, you must first
  1471  //      deregister any existing delegated administrators for this service.
  1472  //
  1473  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  1474  //      valid for a limited period of time. You must resubmit the request and
  1475  //      generate a new verfication code.
  1476  //
  1477  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  1478  //      handshakes that you can send in one day.
  1479  //
  1480  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  1481  //      in this organization, you first must migrate the organization's management
  1482  //      account to the marketplace that corresponds to the management account's
  1483  //      address. For example, accounts with India addresses must be associated
  1484  //      with the AISPL marketplace. All accounts in an organization must be associated
  1485  //      with the same marketplace.
  1486  //
  1487  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  1488  //      in China. To create an organization, the master must have a valid business
  1489  //      license. For more information, contact customer support.
  1490  //
  1491  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  1492  //      must first provide a valid contact address and phone number for the management
  1493  //      account. Then try the operation again.
  1494  //
  1495  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  1496  //      management account must have an associated account in the AWS GovCloud
  1497  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  1498  //      in the AWS GovCloud User Guide.
  1499  //
  1500  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  1501  //      with this management account, you first must associate a valid payment
  1502  //      instrument, such as a credit card, with the account. Follow the steps
  1503  //      at To leave an organization when all required account information has
  1504  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  1505  //      in the AWS Organizations User Guide.
  1506  //
  1507  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  1508  //      to register more delegated administrators than allowed for the service
  1509  //      principal.
  1510  //
  1511  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  1512  //      number of policies of a certain type that can be attached to an entity
  1513  //      at one time.
  1514  //
  1515  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  1516  //      on this resource.
  1517  //
  1518  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  1519  //      with this member account, you first must associate a valid payment instrument,
  1520  //      such as a credit card, with the account. Follow the steps at To leave
  1521  //      an organization when all required account information has not yet been
  1522  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  1523  //      in the AWS Organizations User Guide.
  1524  //
  1525  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  1526  //      policy from an entity that would cause the entity to have fewer than the
  1527  //      minimum number of policies of a certain type required.
  1528  //
  1529  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  1530  //      that requires the organization to be configured to support all features.
  1531  //      An organization that supports only consolidated billing features can't
  1532  //      perform this operation.
  1533  //
  1534  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  1535  //      too many levels deep.
  1536  //
  1537  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  1538  //      that you can have in an organization.
  1539  //
  1540  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  1541  //      is larger than the maximum size.
  1542  //
  1543  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  1544  //      policies that you can have in an organization.
  1545  //
  1546  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  1547  //      tags that are not compliant with the tag policy requirements for this
  1548  //      account.
  1549  //
  1550  //   * InvalidInputException
  1551  //   The requested operation failed because you provided invalid values for one
  1552  //   or more of the request parameters. This exception includes a reason that
  1553  //   contains additional information about the violated limit:
  1554  //
  1555  //   Some of the reasons in the following list might not be applicable to this
  1556  //   specific API or operation.
  1557  //
  1558  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  1559  //      the same entity.
  1560  //
  1561  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  1562  //      can't be modified.
  1563  //
  1564  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  1565  //
  1566  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  1567  //      for the invited account owner.
  1568  //
  1569  //      * INVALID_ENUM: You specified an invalid value.
  1570  //
  1571  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  1572  //
  1573  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  1574  //      characters.
  1575  //
  1576  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  1577  //      at least one invalid value.
  1578  //
  1579  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  1580  //      from the response to a previous call of the operation.
  1581  //
  1582  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  1583  //      organization, or email) as a party.
  1584  //
  1585  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  1586  //      pattern.
  1587  //
  1588  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  1589  //      match the required pattern.
  1590  //
  1591  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  1592  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  1593  //
  1594  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  1595  //      Name (ARN) for the organization.
  1596  //
  1597  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  1598  //
  1599  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  1600  //      tag. You can’t add, edit, or delete system tag keys because they're
  1601  //      reserved for AWS use. System tags don’t count against your tags per
  1602  //      resource limit.
  1603  //
  1604  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  1605  //      for the operation.
  1606  //
  1607  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  1608  //      than allowed.
  1609  //
  1610  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  1611  //      value than allowed.
  1612  //
  1613  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  1614  //      than allowed.
  1615  //
  1616  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  1617  //      value than allowed.
  1618  //
  1619  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  1620  //      between entities in the same root.
  1621  //
  1622  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  1623  //      target entity.
  1624  //
  1625  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  1626  //      isn't recognized.
  1627  //
  1628  //   * FinalizingOrganizationException
  1629  //   AWS Organizations couldn't perform the operation because your organization
  1630  //   hasn't finished initializing. This can take up to an hour. Try again later.
  1631  //   If after one hour you continue to receive this error, contact AWS Support
  1632  //   (https://console.aws.amazon.com/support/home#/).
  1633  //
  1634  //   * ServiceException
  1635  //   AWS Organizations can't complete your request because of an internal service
  1636  //   error. Try again later.
  1637  //
  1638  //   * TooManyRequestsException
  1639  //   You have sent too many requests in too short a period of time. The quota
  1640  //   helps protect against denial-of-service attacks. Try again later.
  1641  //
  1642  //   For information about quotas that affect AWS Organizations, see Quotas for
  1643  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  1644  //   the AWS Organizations User Guide.
  1645  //
  1646  //   * UnsupportedAPIEndpointException
  1647  //   This action isn't available in the current AWS Region.
  1648  //
  1649  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateGovCloudAccount
  1650  func (c *Organizations) CreateGovCloudAccount(input *CreateGovCloudAccountInput) (*CreateGovCloudAccountOutput, error) {
  1651  	req, out := c.CreateGovCloudAccountRequest(input)
  1652  	return out, req.Send()
  1653  }
  1654  
  1655  // CreateGovCloudAccountWithContext is the same as CreateGovCloudAccount with the addition of
  1656  // the ability to pass a context and additional request options.
  1657  //
  1658  // See CreateGovCloudAccount for details on how to use this API operation.
  1659  //
  1660  // The context must be non-nil and will be used for request cancellation. If
  1661  // the context is nil a panic will occur. In the future the SDK may create
  1662  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  1663  // for more information on using Contexts.
  1664  func (c *Organizations) CreateGovCloudAccountWithContext(ctx aws.Context, input *CreateGovCloudAccountInput, opts ...request.Option) (*CreateGovCloudAccountOutput, error) {
  1665  	req, out := c.CreateGovCloudAccountRequest(input)
  1666  	req.SetContext(ctx)
  1667  	req.ApplyOptions(opts...)
  1668  	return out, req.Send()
  1669  }
  1670  
  1671  const opCreateOrganization = "CreateOrganization"
  1672  
  1673  // CreateOrganizationRequest generates a "aws/request.Request" representing the
  1674  // client's request for the CreateOrganization operation. The "output" return
  1675  // value will be populated with the request's response once the request completes
  1676  // successfully.
  1677  //
  1678  // Use "Send" method on the returned Request to send the API call to the service.
  1679  // the "output" return value is not valid until after Send returns without error.
  1680  //
  1681  // See CreateOrganization for more information on using the CreateOrganization
  1682  // API call, and error handling.
  1683  //
  1684  // This method is useful when you want to inject custom logic or configuration
  1685  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  1686  //
  1687  //
  1688  //    // Example sending a request using the CreateOrganizationRequest method.
  1689  //    req, resp := client.CreateOrganizationRequest(params)
  1690  //
  1691  //    err := req.Send()
  1692  //    if err == nil { // resp is now filled
  1693  //        fmt.Println(resp)
  1694  //    }
  1695  //
  1696  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
  1697  func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput) (req *request.Request, output *CreateOrganizationOutput) {
  1698  	op := &request.Operation{
  1699  		Name:       opCreateOrganization,
  1700  		HTTPMethod: "POST",
  1701  		HTTPPath:   "/",
  1702  	}
  1703  
  1704  	if input == nil {
  1705  		input = &CreateOrganizationInput{}
  1706  	}
  1707  
  1708  	output = &CreateOrganizationOutput{}
  1709  	req = c.newRequest(op, input, output)
  1710  	return
  1711  }
  1712  
  1713  // CreateOrganization API operation for AWS Organizations.
  1714  //
  1715  // Creates an AWS organization. The account whose user is calling the CreateOrganization
  1716  // operation automatically becomes the management account (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#account)
  1717  // of the new organization.
  1718  //
  1719  // This operation must be called using credentials from the account that is
  1720  // to become the new organization's management account. The principal must also
  1721  // have the relevant IAM permissions.
  1722  //
  1723  // By default (or if you set the FeatureSet parameter to ALL), the new organization
  1724  // is created with all features enabled and service control policies automatically
  1725  // enabled in the root. If you instead choose to create the organization supporting
  1726  // only the consolidated billing features by setting the FeatureSet parameter
  1727  // to CONSOLIDATED_BILLING", no policy types are enabled by default, and you
  1728  // can't use organization policies
  1729  //
  1730  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  1731  // with awserr.Error's Code and Message methods to get detailed information about
  1732  // the error.
  1733  //
  1734  // See the AWS API reference guide for AWS Organizations's
  1735  // API operation CreateOrganization for usage and error information.
  1736  //
  1737  // Returned Error Types:
  1738  //   * AccessDeniedException
  1739  //   You don't have permissions to perform the requested operation. The user or
  1740  //   role that is making the request must have at least one IAM permissions policy
  1741  //   attached that grants the required permissions. For more information, see
  1742  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  1743  //   in the IAM User Guide.
  1744  //
  1745  //   * AlreadyInOrganizationException
  1746  //   This account is already a member of an organization. An account can belong
  1747  //   to only one organization at a time.
  1748  //
  1749  //   * ConcurrentModificationException
  1750  //   The target of the operation is currently being modified by a different request.
  1751  //   Try again later.
  1752  //
  1753  //   * ConstraintViolationException
  1754  //   Performing this operation violates a minimum or maximum value limit. For
  1755  //   example, attempting to remove the last service control policy (SCP) from
  1756  //   an OU or root, inviting or creating too many accounts to the organization,
  1757  //   or attaching too many policies to an account, OU, or root. This exception
  1758  //   includes a reason that contains additional information about the violated
  1759  //   limit:
  1760  //
  1761  //   Some of the reasons in the following list might not be applicable to this
  1762  //   specific API or operation.
  1763  //
  1764  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  1765  //      account from the organization. You can't remove the management account.
  1766  //      Instead, after you remove all member accounts, delete the organization
  1767  //      itself.
  1768  //
  1769  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  1770  //      from the organization that doesn't yet have enough information to exist
  1771  //      as a standalone account. This account requires you to first agree to the
  1772  //      AWS Customer Agreement. Follow the steps at Removing a member account
  1773  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  1774  //      the AWS Organizations User Guide.
  1775  //
  1776  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  1777  //      an account from the organization that doesn't yet have enough information
  1778  //      to exist as a standalone account. This account requires you to first complete
  1779  //      phone verification. Follow the steps at Removing a member account from
  1780  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  1781  //      in the AWS Organizations User Guide.
  1782  //
  1783  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  1784  //      of accounts that you can create in one day.
  1785  //
  1786  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  1787  //      the number of accounts in an organization. If you need more accounts,
  1788  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  1789  //      request an increase in your limit. Or the number of invitations that you
  1790  //      tried to send would cause you to exceed the limit of accounts in your
  1791  //      organization. Send fewer invitations or contact AWS Support to request
  1792  //      an increase in the number of accounts. Deleted and closed accounts still
  1793  //      count toward your limit. If you get this exception when running a command
  1794  //      immediately after creating the organization, wait one hour and try again.
  1795  //      After an hour, if the command continues to fail with this error, contact
  1796  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  1797  //
  1798  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  1799  //      register the management account of the organization as a delegated administrator
  1800  //      for an AWS service integrated with Organizations. You can designate only
  1801  //      a member account as a delegated administrator.
  1802  //
  1803  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  1804  //      an account that is registered as a delegated administrator for a service
  1805  //      integrated with your organization. To complete this operation, you must
  1806  //      first deregister this account as a delegated administrator.
  1807  //
  1808  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  1809  //      organization in the specified region, you must enable all features mode.
  1810  //
  1811  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  1812  //      an AWS account as a delegated administrator for an AWS service that already
  1813  //      has a delegated administrator. To complete this operation, you must first
  1814  //      deregister any existing delegated administrators for this service.
  1815  //
  1816  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  1817  //      valid for a limited period of time. You must resubmit the request and
  1818  //      generate a new verfication code.
  1819  //
  1820  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  1821  //      handshakes that you can send in one day.
  1822  //
  1823  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  1824  //      in this organization, you first must migrate the organization's management
  1825  //      account to the marketplace that corresponds to the management account's
  1826  //      address. For example, accounts with India addresses must be associated
  1827  //      with the AISPL marketplace. All accounts in an organization must be associated
  1828  //      with the same marketplace.
  1829  //
  1830  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  1831  //      in China. To create an organization, the master must have a valid business
  1832  //      license. For more information, contact customer support.
  1833  //
  1834  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  1835  //      must first provide a valid contact address and phone number for the management
  1836  //      account. Then try the operation again.
  1837  //
  1838  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  1839  //      management account must have an associated account in the AWS GovCloud
  1840  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  1841  //      in the AWS GovCloud User Guide.
  1842  //
  1843  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  1844  //      with this management account, you first must associate a valid payment
  1845  //      instrument, such as a credit card, with the account. Follow the steps
  1846  //      at To leave an organization when all required account information has
  1847  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  1848  //      in the AWS Organizations User Guide.
  1849  //
  1850  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  1851  //      to register more delegated administrators than allowed for the service
  1852  //      principal.
  1853  //
  1854  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  1855  //      number of policies of a certain type that can be attached to an entity
  1856  //      at one time.
  1857  //
  1858  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  1859  //      on this resource.
  1860  //
  1861  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  1862  //      with this member account, you first must associate a valid payment instrument,
  1863  //      such as a credit card, with the account. Follow the steps at To leave
  1864  //      an organization when all required account information has not yet been
  1865  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  1866  //      in the AWS Organizations User Guide.
  1867  //
  1868  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  1869  //      policy from an entity that would cause the entity to have fewer than the
  1870  //      minimum number of policies of a certain type required.
  1871  //
  1872  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  1873  //      that requires the organization to be configured to support all features.
  1874  //      An organization that supports only consolidated billing features can't
  1875  //      perform this operation.
  1876  //
  1877  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  1878  //      too many levels deep.
  1879  //
  1880  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  1881  //      that you can have in an organization.
  1882  //
  1883  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  1884  //      is larger than the maximum size.
  1885  //
  1886  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  1887  //      policies that you can have in an organization.
  1888  //
  1889  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  1890  //      tags that are not compliant with the tag policy requirements for this
  1891  //      account.
  1892  //
  1893  //   * InvalidInputException
  1894  //   The requested operation failed because you provided invalid values for one
  1895  //   or more of the request parameters. This exception includes a reason that
  1896  //   contains additional information about the violated limit:
  1897  //
  1898  //   Some of the reasons in the following list might not be applicable to this
  1899  //   specific API or operation.
  1900  //
  1901  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  1902  //      the same entity.
  1903  //
  1904  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  1905  //      can't be modified.
  1906  //
  1907  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  1908  //
  1909  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  1910  //      for the invited account owner.
  1911  //
  1912  //      * INVALID_ENUM: You specified an invalid value.
  1913  //
  1914  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  1915  //
  1916  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  1917  //      characters.
  1918  //
  1919  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  1920  //      at least one invalid value.
  1921  //
  1922  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  1923  //      from the response to a previous call of the operation.
  1924  //
  1925  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  1926  //      organization, or email) as a party.
  1927  //
  1928  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  1929  //      pattern.
  1930  //
  1931  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  1932  //      match the required pattern.
  1933  //
  1934  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  1935  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  1936  //
  1937  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  1938  //      Name (ARN) for the organization.
  1939  //
  1940  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  1941  //
  1942  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  1943  //      tag. You can’t add, edit, or delete system tag keys because they're
  1944  //      reserved for AWS use. System tags don’t count against your tags per
  1945  //      resource limit.
  1946  //
  1947  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  1948  //      for the operation.
  1949  //
  1950  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  1951  //      than allowed.
  1952  //
  1953  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  1954  //      value than allowed.
  1955  //
  1956  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  1957  //      than allowed.
  1958  //
  1959  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  1960  //      value than allowed.
  1961  //
  1962  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  1963  //      between entities in the same root.
  1964  //
  1965  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  1966  //      target entity.
  1967  //
  1968  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  1969  //      isn't recognized.
  1970  //
  1971  //   * ServiceException
  1972  //   AWS Organizations can't complete your request because of an internal service
  1973  //   error. Try again later.
  1974  //
  1975  //   * TooManyRequestsException
  1976  //   You have sent too many requests in too short a period of time. The quota
  1977  //   helps protect against denial-of-service attacks. Try again later.
  1978  //
  1979  //   For information about quotas that affect AWS Organizations, see Quotas for
  1980  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  1981  //   the AWS Organizations User Guide.
  1982  //
  1983  //   * AccessDeniedForDependencyException
  1984  //   The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
  1985  //   for organizations.amazonaws.com permission so that AWS Organizations can
  1986  //   create the required service-linked role. You don't have that permission.
  1987  //
  1988  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganization
  1989  func (c *Organizations) CreateOrganization(input *CreateOrganizationInput) (*CreateOrganizationOutput, error) {
  1990  	req, out := c.CreateOrganizationRequest(input)
  1991  	return out, req.Send()
  1992  }
  1993  
  1994  // CreateOrganizationWithContext is the same as CreateOrganization with the addition of
  1995  // the ability to pass a context and additional request options.
  1996  //
  1997  // See CreateOrganization for details on how to use this API operation.
  1998  //
  1999  // The context must be non-nil and will be used for request cancellation. If
  2000  // the context is nil a panic will occur. In the future the SDK may create
  2001  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  2002  // for more information on using Contexts.
  2003  func (c *Organizations) CreateOrganizationWithContext(ctx aws.Context, input *CreateOrganizationInput, opts ...request.Option) (*CreateOrganizationOutput, error) {
  2004  	req, out := c.CreateOrganizationRequest(input)
  2005  	req.SetContext(ctx)
  2006  	req.ApplyOptions(opts...)
  2007  	return out, req.Send()
  2008  }
  2009  
  2010  const opCreateOrganizationalUnit = "CreateOrganizationalUnit"
  2011  
  2012  // CreateOrganizationalUnitRequest generates a "aws/request.Request" representing the
  2013  // client's request for the CreateOrganizationalUnit operation. The "output" return
  2014  // value will be populated with the request's response once the request completes
  2015  // successfully.
  2016  //
  2017  // Use "Send" method on the returned Request to send the API call to the service.
  2018  // the "output" return value is not valid until after Send returns without error.
  2019  //
  2020  // See CreateOrganizationalUnit for more information on using the CreateOrganizationalUnit
  2021  // API call, and error handling.
  2022  //
  2023  // This method is useful when you want to inject custom logic or configuration
  2024  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  2025  //
  2026  //
  2027  //    // Example sending a request using the CreateOrganizationalUnitRequest method.
  2028  //    req, resp := client.CreateOrganizationalUnitRequest(params)
  2029  //
  2030  //    err := req.Send()
  2031  //    if err == nil { // resp is now filled
  2032  //        fmt.Println(resp)
  2033  //    }
  2034  //
  2035  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
  2036  func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizationalUnitInput) (req *request.Request, output *CreateOrganizationalUnitOutput) {
  2037  	op := &request.Operation{
  2038  		Name:       opCreateOrganizationalUnit,
  2039  		HTTPMethod: "POST",
  2040  		HTTPPath:   "/",
  2041  	}
  2042  
  2043  	if input == nil {
  2044  		input = &CreateOrganizationalUnitInput{}
  2045  	}
  2046  
  2047  	output = &CreateOrganizationalUnitOutput{}
  2048  	req = c.newRequest(op, input, output)
  2049  	return
  2050  }
  2051  
  2052  // CreateOrganizationalUnit API operation for AWS Organizations.
  2053  //
  2054  // Creates an organizational unit (OU) within a root or parent OU. An OU is
  2055  // a container for accounts that enables you to organize your accounts to apply
  2056  // policies according to your business requirements. The number of levels deep
  2057  // that you can nest OUs is dependent upon the policy types enabled for that
  2058  // root. For service control policies, the limit is five.
  2059  //
  2060  // For more information about OUs, see Managing Organizational Units (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html)
  2061  // in the AWS Organizations User Guide.
  2062  //
  2063  // If the request includes tags, then the requester must have the organizations:TagResource
  2064  // permission.
  2065  //
  2066  // This operation can be called only from the organization's management account.
  2067  //
  2068  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  2069  // with awserr.Error's Code and Message methods to get detailed information about
  2070  // the error.
  2071  //
  2072  // See the AWS API reference guide for AWS Organizations's
  2073  // API operation CreateOrganizationalUnit for usage and error information.
  2074  //
  2075  // Returned Error Types:
  2076  //   * AccessDeniedException
  2077  //   You don't have permissions to perform the requested operation. The user or
  2078  //   role that is making the request must have at least one IAM permissions policy
  2079  //   attached that grants the required permissions. For more information, see
  2080  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  2081  //   in the IAM User Guide.
  2082  //
  2083  //   * AWSOrganizationsNotInUseException
  2084  //   Your account isn't a member of an organization. To make this request, you
  2085  //   must use the credentials of an account that belongs to an organization.
  2086  //
  2087  //   * ConcurrentModificationException
  2088  //   The target of the operation is currently being modified by a different request.
  2089  //   Try again later.
  2090  //
  2091  //   * ConstraintViolationException
  2092  //   Performing this operation violates a minimum or maximum value limit. For
  2093  //   example, attempting to remove the last service control policy (SCP) from
  2094  //   an OU or root, inviting or creating too many accounts to the organization,
  2095  //   or attaching too many policies to an account, OU, or root. This exception
  2096  //   includes a reason that contains additional information about the violated
  2097  //   limit:
  2098  //
  2099  //   Some of the reasons in the following list might not be applicable to this
  2100  //   specific API or operation.
  2101  //
  2102  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  2103  //      account from the organization. You can't remove the management account.
  2104  //      Instead, after you remove all member accounts, delete the organization
  2105  //      itself.
  2106  //
  2107  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  2108  //      from the organization that doesn't yet have enough information to exist
  2109  //      as a standalone account. This account requires you to first agree to the
  2110  //      AWS Customer Agreement. Follow the steps at Removing a member account
  2111  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  2112  //      the AWS Organizations User Guide.
  2113  //
  2114  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  2115  //      an account from the organization that doesn't yet have enough information
  2116  //      to exist as a standalone account. This account requires you to first complete
  2117  //      phone verification. Follow the steps at Removing a member account from
  2118  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  2119  //      in the AWS Organizations User Guide.
  2120  //
  2121  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  2122  //      of accounts that you can create in one day.
  2123  //
  2124  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  2125  //      the number of accounts in an organization. If you need more accounts,
  2126  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  2127  //      request an increase in your limit. Or the number of invitations that you
  2128  //      tried to send would cause you to exceed the limit of accounts in your
  2129  //      organization. Send fewer invitations or contact AWS Support to request
  2130  //      an increase in the number of accounts. Deleted and closed accounts still
  2131  //      count toward your limit. If you get this exception when running a command
  2132  //      immediately after creating the organization, wait one hour and try again.
  2133  //      After an hour, if the command continues to fail with this error, contact
  2134  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  2135  //
  2136  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  2137  //      register the management account of the organization as a delegated administrator
  2138  //      for an AWS service integrated with Organizations. You can designate only
  2139  //      a member account as a delegated administrator.
  2140  //
  2141  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  2142  //      an account that is registered as a delegated administrator for a service
  2143  //      integrated with your organization. To complete this operation, you must
  2144  //      first deregister this account as a delegated administrator.
  2145  //
  2146  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  2147  //      organization in the specified region, you must enable all features mode.
  2148  //
  2149  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  2150  //      an AWS account as a delegated administrator for an AWS service that already
  2151  //      has a delegated administrator. To complete this operation, you must first
  2152  //      deregister any existing delegated administrators for this service.
  2153  //
  2154  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  2155  //      valid for a limited period of time. You must resubmit the request and
  2156  //      generate a new verfication code.
  2157  //
  2158  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  2159  //      handshakes that you can send in one day.
  2160  //
  2161  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  2162  //      in this organization, you first must migrate the organization's management
  2163  //      account to the marketplace that corresponds to the management account's
  2164  //      address. For example, accounts with India addresses must be associated
  2165  //      with the AISPL marketplace. All accounts in an organization must be associated
  2166  //      with the same marketplace.
  2167  //
  2168  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  2169  //      in China. To create an organization, the master must have a valid business
  2170  //      license. For more information, contact customer support.
  2171  //
  2172  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  2173  //      must first provide a valid contact address and phone number for the management
  2174  //      account. Then try the operation again.
  2175  //
  2176  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  2177  //      management account must have an associated account in the AWS GovCloud
  2178  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  2179  //      in the AWS GovCloud User Guide.
  2180  //
  2181  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  2182  //      with this management account, you first must associate a valid payment
  2183  //      instrument, such as a credit card, with the account. Follow the steps
  2184  //      at To leave an organization when all required account information has
  2185  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  2186  //      in the AWS Organizations User Guide.
  2187  //
  2188  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  2189  //      to register more delegated administrators than allowed for the service
  2190  //      principal.
  2191  //
  2192  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  2193  //      number of policies of a certain type that can be attached to an entity
  2194  //      at one time.
  2195  //
  2196  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  2197  //      on this resource.
  2198  //
  2199  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  2200  //      with this member account, you first must associate a valid payment instrument,
  2201  //      such as a credit card, with the account. Follow the steps at To leave
  2202  //      an organization when all required account information has not yet been
  2203  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  2204  //      in the AWS Organizations User Guide.
  2205  //
  2206  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  2207  //      policy from an entity that would cause the entity to have fewer than the
  2208  //      minimum number of policies of a certain type required.
  2209  //
  2210  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  2211  //      that requires the organization to be configured to support all features.
  2212  //      An organization that supports only consolidated billing features can't
  2213  //      perform this operation.
  2214  //
  2215  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  2216  //      too many levels deep.
  2217  //
  2218  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  2219  //      that you can have in an organization.
  2220  //
  2221  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  2222  //      is larger than the maximum size.
  2223  //
  2224  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  2225  //      policies that you can have in an organization.
  2226  //
  2227  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  2228  //      tags that are not compliant with the tag policy requirements for this
  2229  //      account.
  2230  //
  2231  //   * DuplicateOrganizationalUnitException
  2232  //   An OU with the same name already exists.
  2233  //
  2234  //   * InvalidInputException
  2235  //   The requested operation failed because you provided invalid values for one
  2236  //   or more of the request parameters. This exception includes a reason that
  2237  //   contains additional information about the violated limit:
  2238  //
  2239  //   Some of the reasons in the following list might not be applicable to this
  2240  //   specific API or operation.
  2241  //
  2242  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  2243  //      the same entity.
  2244  //
  2245  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  2246  //      can't be modified.
  2247  //
  2248  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  2249  //
  2250  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  2251  //      for the invited account owner.
  2252  //
  2253  //      * INVALID_ENUM: You specified an invalid value.
  2254  //
  2255  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  2256  //
  2257  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  2258  //      characters.
  2259  //
  2260  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  2261  //      at least one invalid value.
  2262  //
  2263  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  2264  //      from the response to a previous call of the operation.
  2265  //
  2266  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  2267  //      organization, or email) as a party.
  2268  //
  2269  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  2270  //      pattern.
  2271  //
  2272  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  2273  //      match the required pattern.
  2274  //
  2275  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  2276  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  2277  //
  2278  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  2279  //      Name (ARN) for the organization.
  2280  //
  2281  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  2282  //
  2283  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  2284  //      tag. You can’t add, edit, or delete system tag keys because they're
  2285  //      reserved for AWS use. System tags don’t count against your tags per
  2286  //      resource limit.
  2287  //
  2288  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  2289  //      for the operation.
  2290  //
  2291  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  2292  //      than allowed.
  2293  //
  2294  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  2295  //      value than allowed.
  2296  //
  2297  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  2298  //      than allowed.
  2299  //
  2300  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  2301  //      value than allowed.
  2302  //
  2303  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  2304  //      between entities in the same root.
  2305  //
  2306  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  2307  //      target entity.
  2308  //
  2309  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  2310  //      isn't recognized.
  2311  //
  2312  //   * ParentNotFoundException
  2313  //   We can't find a root or OU with the ParentId that you specified.
  2314  //
  2315  //   * ServiceException
  2316  //   AWS Organizations can't complete your request because of an internal service
  2317  //   error. Try again later.
  2318  //
  2319  //   * TooManyRequestsException
  2320  //   You have sent too many requests in too short a period of time. The quota
  2321  //   helps protect against denial-of-service attacks. Try again later.
  2322  //
  2323  //   For information about quotas that affect AWS Organizations, see Quotas for
  2324  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  2325  //   the AWS Organizations User Guide.
  2326  //
  2327  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreateOrganizationalUnit
  2328  func (c *Organizations) CreateOrganizationalUnit(input *CreateOrganizationalUnitInput) (*CreateOrganizationalUnitOutput, error) {
  2329  	req, out := c.CreateOrganizationalUnitRequest(input)
  2330  	return out, req.Send()
  2331  }
  2332  
  2333  // CreateOrganizationalUnitWithContext is the same as CreateOrganizationalUnit with the addition of
  2334  // the ability to pass a context and additional request options.
  2335  //
  2336  // See CreateOrganizationalUnit for details on how to use this API operation.
  2337  //
  2338  // The context must be non-nil and will be used for request cancellation. If
  2339  // the context is nil a panic will occur. In the future the SDK may create
  2340  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  2341  // for more information on using Contexts.
  2342  func (c *Organizations) CreateOrganizationalUnitWithContext(ctx aws.Context, input *CreateOrganizationalUnitInput, opts ...request.Option) (*CreateOrganizationalUnitOutput, error) {
  2343  	req, out := c.CreateOrganizationalUnitRequest(input)
  2344  	req.SetContext(ctx)
  2345  	req.ApplyOptions(opts...)
  2346  	return out, req.Send()
  2347  }
  2348  
  2349  const opCreatePolicy = "CreatePolicy"
  2350  
  2351  // CreatePolicyRequest generates a "aws/request.Request" representing the
  2352  // client's request for the CreatePolicy operation. The "output" return
  2353  // value will be populated with the request's response once the request completes
  2354  // successfully.
  2355  //
  2356  // Use "Send" method on the returned Request to send the API call to the service.
  2357  // the "output" return value is not valid until after Send returns without error.
  2358  //
  2359  // See CreatePolicy for more information on using the CreatePolicy
  2360  // API call, and error handling.
  2361  //
  2362  // This method is useful when you want to inject custom logic or configuration
  2363  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  2364  //
  2365  //
  2366  //    // Example sending a request using the CreatePolicyRequest method.
  2367  //    req, resp := client.CreatePolicyRequest(params)
  2368  //
  2369  //    err := req.Send()
  2370  //    if err == nil { // resp is now filled
  2371  //        fmt.Println(resp)
  2372  //    }
  2373  //
  2374  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
  2375  func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Request, output *CreatePolicyOutput) {
  2376  	op := &request.Operation{
  2377  		Name:       opCreatePolicy,
  2378  		HTTPMethod: "POST",
  2379  		HTTPPath:   "/",
  2380  	}
  2381  
  2382  	if input == nil {
  2383  		input = &CreatePolicyInput{}
  2384  	}
  2385  
  2386  	output = &CreatePolicyOutput{}
  2387  	req = c.newRequest(op, input, output)
  2388  	return
  2389  }
  2390  
  2391  // CreatePolicy API operation for AWS Organizations.
  2392  //
  2393  // Creates a policy of a specified type that you can attach to a root, an organizational
  2394  // unit (OU), or an individual AWS account.
  2395  //
  2396  // For more information about policies and their use, see Managing Organization
  2397  // Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).
  2398  //
  2399  // If the request includes tags, then the requester must have the organizations:TagResource
  2400  // permission.
  2401  //
  2402  // This operation can be called only from the organization's management account.
  2403  //
  2404  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  2405  // with awserr.Error's Code and Message methods to get detailed information about
  2406  // the error.
  2407  //
  2408  // See the AWS API reference guide for AWS Organizations's
  2409  // API operation CreatePolicy for usage and error information.
  2410  //
  2411  // Returned Error Types:
  2412  //   * AccessDeniedException
  2413  //   You don't have permissions to perform the requested operation. The user or
  2414  //   role that is making the request must have at least one IAM permissions policy
  2415  //   attached that grants the required permissions. For more information, see
  2416  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  2417  //   in the IAM User Guide.
  2418  //
  2419  //   * AWSOrganizationsNotInUseException
  2420  //   Your account isn't a member of an organization. To make this request, you
  2421  //   must use the credentials of an account that belongs to an organization.
  2422  //
  2423  //   * ConcurrentModificationException
  2424  //   The target of the operation is currently being modified by a different request.
  2425  //   Try again later.
  2426  //
  2427  //   * ConstraintViolationException
  2428  //   Performing this operation violates a minimum or maximum value limit. For
  2429  //   example, attempting to remove the last service control policy (SCP) from
  2430  //   an OU or root, inviting or creating too many accounts to the organization,
  2431  //   or attaching too many policies to an account, OU, or root. This exception
  2432  //   includes a reason that contains additional information about the violated
  2433  //   limit:
  2434  //
  2435  //   Some of the reasons in the following list might not be applicable to this
  2436  //   specific API or operation.
  2437  //
  2438  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  2439  //      account from the organization. You can't remove the management account.
  2440  //      Instead, after you remove all member accounts, delete the organization
  2441  //      itself.
  2442  //
  2443  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  2444  //      from the organization that doesn't yet have enough information to exist
  2445  //      as a standalone account. This account requires you to first agree to the
  2446  //      AWS Customer Agreement. Follow the steps at Removing a member account
  2447  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  2448  //      the AWS Organizations User Guide.
  2449  //
  2450  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  2451  //      an account from the organization that doesn't yet have enough information
  2452  //      to exist as a standalone account. This account requires you to first complete
  2453  //      phone verification. Follow the steps at Removing a member account from
  2454  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  2455  //      in the AWS Organizations User Guide.
  2456  //
  2457  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  2458  //      of accounts that you can create in one day.
  2459  //
  2460  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  2461  //      the number of accounts in an organization. If you need more accounts,
  2462  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  2463  //      request an increase in your limit. Or the number of invitations that you
  2464  //      tried to send would cause you to exceed the limit of accounts in your
  2465  //      organization. Send fewer invitations or contact AWS Support to request
  2466  //      an increase in the number of accounts. Deleted and closed accounts still
  2467  //      count toward your limit. If you get this exception when running a command
  2468  //      immediately after creating the organization, wait one hour and try again.
  2469  //      After an hour, if the command continues to fail with this error, contact
  2470  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  2471  //
  2472  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  2473  //      register the management account of the organization as a delegated administrator
  2474  //      for an AWS service integrated with Organizations. You can designate only
  2475  //      a member account as a delegated administrator.
  2476  //
  2477  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  2478  //      an account that is registered as a delegated administrator for a service
  2479  //      integrated with your organization. To complete this operation, you must
  2480  //      first deregister this account as a delegated administrator.
  2481  //
  2482  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  2483  //      organization in the specified region, you must enable all features mode.
  2484  //
  2485  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  2486  //      an AWS account as a delegated administrator for an AWS service that already
  2487  //      has a delegated administrator. To complete this operation, you must first
  2488  //      deregister any existing delegated administrators for this service.
  2489  //
  2490  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  2491  //      valid for a limited period of time. You must resubmit the request and
  2492  //      generate a new verfication code.
  2493  //
  2494  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  2495  //      handshakes that you can send in one day.
  2496  //
  2497  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  2498  //      in this organization, you first must migrate the organization's management
  2499  //      account to the marketplace that corresponds to the management account's
  2500  //      address. For example, accounts with India addresses must be associated
  2501  //      with the AISPL marketplace. All accounts in an organization must be associated
  2502  //      with the same marketplace.
  2503  //
  2504  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  2505  //      in China. To create an organization, the master must have a valid business
  2506  //      license. For more information, contact customer support.
  2507  //
  2508  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  2509  //      must first provide a valid contact address and phone number for the management
  2510  //      account. Then try the operation again.
  2511  //
  2512  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  2513  //      management account must have an associated account in the AWS GovCloud
  2514  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  2515  //      in the AWS GovCloud User Guide.
  2516  //
  2517  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  2518  //      with this management account, you first must associate a valid payment
  2519  //      instrument, such as a credit card, with the account. Follow the steps
  2520  //      at To leave an organization when all required account information has
  2521  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  2522  //      in the AWS Organizations User Guide.
  2523  //
  2524  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  2525  //      to register more delegated administrators than allowed for the service
  2526  //      principal.
  2527  //
  2528  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  2529  //      number of policies of a certain type that can be attached to an entity
  2530  //      at one time.
  2531  //
  2532  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  2533  //      on this resource.
  2534  //
  2535  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  2536  //      with this member account, you first must associate a valid payment instrument,
  2537  //      such as a credit card, with the account. Follow the steps at To leave
  2538  //      an organization when all required account information has not yet been
  2539  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  2540  //      in the AWS Organizations User Guide.
  2541  //
  2542  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  2543  //      policy from an entity that would cause the entity to have fewer than the
  2544  //      minimum number of policies of a certain type required.
  2545  //
  2546  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  2547  //      that requires the organization to be configured to support all features.
  2548  //      An organization that supports only consolidated billing features can't
  2549  //      perform this operation.
  2550  //
  2551  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  2552  //      too many levels deep.
  2553  //
  2554  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  2555  //      that you can have in an organization.
  2556  //
  2557  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  2558  //      is larger than the maximum size.
  2559  //
  2560  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  2561  //      policies that you can have in an organization.
  2562  //
  2563  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  2564  //      tags that are not compliant with the tag policy requirements for this
  2565  //      account.
  2566  //
  2567  //   * DuplicatePolicyException
  2568  //   A policy with the same name already exists.
  2569  //
  2570  //   * InvalidInputException
  2571  //   The requested operation failed because you provided invalid values for one
  2572  //   or more of the request parameters. This exception includes a reason that
  2573  //   contains additional information about the violated limit:
  2574  //
  2575  //   Some of the reasons in the following list might not be applicable to this
  2576  //   specific API or operation.
  2577  //
  2578  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  2579  //      the same entity.
  2580  //
  2581  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  2582  //      can't be modified.
  2583  //
  2584  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  2585  //
  2586  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  2587  //      for the invited account owner.
  2588  //
  2589  //      * INVALID_ENUM: You specified an invalid value.
  2590  //
  2591  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  2592  //
  2593  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  2594  //      characters.
  2595  //
  2596  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  2597  //      at least one invalid value.
  2598  //
  2599  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  2600  //      from the response to a previous call of the operation.
  2601  //
  2602  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  2603  //      organization, or email) as a party.
  2604  //
  2605  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  2606  //      pattern.
  2607  //
  2608  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  2609  //      match the required pattern.
  2610  //
  2611  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  2612  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  2613  //
  2614  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  2615  //      Name (ARN) for the organization.
  2616  //
  2617  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  2618  //
  2619  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  2620  //      tag. You can’t add, edit, or delete system tag keys because they're
  2621  //      reserved for AWS use. System tags don’t count against your tags per
  2622  //      resource limit.
  2623  //
  2624  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  2625  //      for the operation.
  2626  //
  2627  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  2628  //      than allowed.
  2629  //
  2630  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  2631  //      value than allowed.
  2632  //
  2633  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  2634  //      than allowed.
  2635  //
  2636  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  2637  //      value than allowed.
  2638  //
  2639  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  2640  //      between entities in the same root.
  2641  //
  2642  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  2643  //      target entity.
  2644  //
  2645  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  2646  //      isn't recognized.
  2647  //
  2648  //   * MalformedPolicyDocumentException
  2649  //   The provided policy document doesn't meet the requirements of the specified
  2650  //   policy type. For example, the syntax might be incorrect. For details about
  2651  //   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
  2652  //   in the AWS Organizations User Guide.
  2653  //
  2654  //   * PolicyTypeNotAvailableForOrganizationException
  2655  //   You can't use the specified policy type with the feature set currently enabled
  2656  //   for this organization. For example, you can enable SCPs only after you enable
  2657  //   all features in the organization. For more information, see Managing AWS
  2658  //   Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
  2659  //   the AWS Organizations User Guide.
  2660  //
  2661  //   * ServiceException
  2662  //   AWS Organizations can't complete your request because of an internal service
  2663  //   error. Try again later.
  2664  //
  2665  //   * TooManyRequestsException
  2666  //   You have sent too many requests in too short a period of time. The quota
  2667  //   helps protect against denial-of-service attacks. Try again later.
  2668  //
  2669  //   For information about quotas that affect AWS Organizations, see Quotas for
  2670  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  2671  //   the AWS Organizations User Guide.
  2672  //
  2673  //   * UnsupportedAPIEndpointException
  2674  //   This action isn't available in the current AWS Region.
  2675  //
  2676  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/CreatePolicy
  2677  func (c *Organizations) CreatePolicy(input *CreatePolicyInput) (*CreatePolicyOutput, error) {
  2678  	req, out := c.CreatePolicyRequest(input)
  2679  	return out, req.Send()
  2680  }
  2681  
  2682  // CreatePolicyWithContext is the same as CreatePolicy with the addition of
  2683  // the ability to pass a context and additional request options.
  2684  //
  2685  // See CreatePolicy for details on how to use this API operation.
  2686  //
  2687  // The context must be non-nil and will be used for request cancellation. If
  2688  // the context is nil a panic will occur. In the future the SDK may create
  2689  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  2690  // for more information on using Contexts.
  2691  func (c *Organizations) CreatePolicyWithContext(ctx aws.Context, input *CreatePolicyInput, opts ...request.Option) (*CreatePolicyOutput, error) {
  2692  	req, out := c.CreatePolicyRequest(input)
  2693  	req.SetContext(ctx)
  2694  	req.ApplyOptions(opts...)
  2695  	return out, req.Send()
  2696  }
  2697  
  2698  const opDeclineHandshake = "DeclineHandshake"
  2699  
  2700  // DeclineHandshakeRequest generates a "aws/request.Request" representing the
  2701  // client's request for the DeclineHandshake operation. The "output" return
  2702  // value will be populated with the request's response once the request completes
  2703  // successfully.
  2704  //
  2705  // Use "Send" method on the returned Request to send the API call to the service.
  2706  // the "output" return value is not valid until after Send returns without error.
  2707  //
  2708  // See DeclineHandshake for more information on using the DeclineHandshake
  2709  // API call, and error handling.
  2710  //
  2711  // This method is useful when you want to inject custom logic or configuration
  2712  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  2713  //
  2714  //
  2715  //    // Example sending a request using the DeclineHandshakeRequest method.
  2716  //    req, resp := client.DeclineHandshakeRequest(params)
  2717  //
  2718  //    err := req.Send()
  2719  //    if err == nil { // resp is now filled
  2720  //        fmt.Println(resp)
  2721  //    }
  2722  //
  2723  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
  2724  func (c *Organizations) DeclineHandshakeRequest(input *DeclineHandshakeInput) (req *request.Request, output *DeclineHandshakeOutput) {
  2725  	op := &request.Operation{
  2726  		Name:       opDeclineHandshake,
  2727  		HTTPMethod: "POST",
  2728  		HTTPPath:   "/",
  2729  	}
  2730  
  2731  	if input == nil {
  2732  		input = &DeclineHandshakeInput{}
  2733  	}
  2734  
  2735  	output = &DeclineHandshakeOutput{}
  2736  	req = c.newRequest(op, input, output)
  2737  	return
  2738  }
  2739  
  2740  // DeclineHandshake API operation for AWS Organizations.
  2741  //
  2742  // Declines a handshake request. This sets the handshake state to DECLINED and
  2743  // effectively deactivates the request.
  2744  //
  2745  // This operation can be called only from the account that received the handshake.
  2746  // The originator of the handshake can use CancelHandshake instead. The originator
  2747  // can't reactivate a declined request, but can reinitiate the process with
  2748  // a new handshake request.
  2749  //
  2750  // After you decline a handshake, it continues to appear in the results of relevant
  2751  // APIs for only 30 days. After that, it's deleted.
  2752  //
  2753  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  2754  // with awserr.Error's Code and Message methods to get detailed information about
  2755  // the error.
  2756  //
  2757  // See the AWS API reference guide for AWS Organizations's
  2758  // API operation DeclineHandshake for usage and error information.
  2759  //
  2760  // Returned Error Types:
  2761  //   * AccessDeniedException
  2762  //   You don't have permissions to perform the requested operation. The user or
  2763  //   role that is making the request must have at least one IAM permissions policy
  2764  //   attached that grants the required permissions. For more information, see
  2765  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  2766  //   in the IAM User Guide.
  2767  //
  2768  //   * ConcurrentModificationException
  2769  //   The target of the operation is currently being modified by a different request.
  2770  //   Try again later.
  2771  //
  2772  //   * HandshakeNotFoundException
  2773  //   We can't find a handshake with the HandshakeId that you specified.
  2774  //
  2775  //   * InvalidHandshakeTransitionException
  2776  //   You can't perform the operation on the handshake in its current state. For
  2777  //   example, you can't cancel a handshake that was already accepted or accept
  2778  //   a handshake that was already declined.
  2779  //
  2780  //   * HandshakeAlreadyInStateException
  2781  //   The specified handshake is already in the requested state. For example, you
  2782  //   can't accept a handshake that was already accepted.
  2783  //
  2784  //   * InvalidInputException
  2785  //   The requested operation failed because you provided invalid values for one
  2786  //   or more of the request parameters. This exception includes a reason that
  2787  //   contains additional information about the violated limit:
  2788  //
  2789  //   Some of the reasons in the following list might not be applicable to this
  2790  //   specific API or operation.
  2791  //
  2792  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  2793  //      the same entity.
  2794  //
  2795  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  2796  //      can't be modified.
  2797  //
  2798  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  2799  //
  2800  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  2801  //      for the invited account owner.
  2802  //
  2803  //      * INVALID_ENUM: You specified an invalid value.
  2804  //
  2805  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  2806  //
  2807  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  2808  //      characters.
  2809  //
  2810  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  2811  //      at least one invalid value.
  2812  //
  2813  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  2814  //      from the response to a previous call of the operation.
  2815  //
  2816  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  2817  //      organization, or email) as a party.
  2818  //
  2819  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  2820  //      pattern.
  2821  //
  2822  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  2823  //      match the required pattern.
  2824  //
  2825  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  2826  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  2827  //
  2828  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  2829  //      Name (ARN) for the organization.
  2830  //
  2831  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  2832  //
  2833  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  2834  //      tag. You can’t add, edit, or delete system tag keys because they're
  2835  //      reserved for AWS use. System tags don’t count against your tags per
  2836  //      resource limit.
  2837  //
  2838  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  2839  //      for the operation.
  2840  //
  2841  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  2842  //      than allowed.
  2843  //
  2844  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  2845  //      value than allowed.
  2846  //
  2847  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  2848  //      than allowed.
  2849  //
  2850  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  2851  //      value than allowed.
  2852  //
  2853  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  2854  //      between entities in the same root.
  2855  //
  2856  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  2857  //      target entity.
  2858  //
  2859  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  2860  //      isn't recognized.
  2861  //
  2862  //   * ServiceException
  2863  //   AWS Organizations can't complete your request because of an internal service
  2864  //   error. Try again later.
  2865  //
  2866  //   * TooManyRequestsException
  2867  //   You have sent too many requests in too short a period of time. The quota
  2868  //   helps protect against denial-of-service attacks. Try again later.
  2869  //
  2870  //   For information about quotas that affect AWS Organizations, see Quotas for
  2871  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  2872  //   the AWS Organizations User Guide.
  2873  //
  2874  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeclineHandshake
  2875  func (c *Organizations) DeclineHandshake(input *DeclineHandshakeInput) (*DeclineHandshakeOutput, error) {
  2876  	req, out := c.DeclineHandshakeRequest(input)
  2877  	return out, req.Send()
  2878  }
  2879  
  2880  // DeclineHandshakeWithContext is the same as DeclineHandshake with the addition of
  2881  // the ability to pass a context and additional request options.
  2882  //
  2883  // See DeclineHandshake for details on how to use this API operation.
  2884  //
  2885  // The context must be non-nil and will be used for request cancellation. If
  2886  // the context is nil a panic will occur. In the future the SDK may create
  2887  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  2888  // for more information on using Contexts.
  2889  func (c *Organizations) DeclineHandshakeWithContext(ctx aws.Context, input *DeclineHandshakeInput, opts ...request.Option) (*DeclineHandshakeOutput, error) {
  2890  	req, out := c.DeclineHandshakeRequest(input)
  2891  	req.SetContext(ctx)
  2892  	req.ApplyOptions(opts...)
  2893  	return out, req.Send()
  2894  }
  2895  
  2896  const opDeleteOrganization = "DeleteOrganization"
  2897  
  2898  // DeleteOrganizationRequest generates a "aws/request.Request" representing the
  2899  // client's request for the DeleteOrganization operation. The "output" return
  2900  // value will be populated with the request's response once the request completes
  2901  // successfully.
  2902  //
  2903  // Use "Send" method on the returned Request to send the API call to the service.
  2904  // the "output" return value is not valid until after Send returns without error.
  2905  //
  2906  // See DeleteOrganization for more information on using the DeleteOrganization
  2907  // API call, and error handling.
  2908  //
  2909  // This method is useful when you want to inject custom logic or configuration
  2910  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  2911  //
  2912  //
  2913  //    // Example sending a request using the DeleteOrganizationRequest method.
  2914  //    req, resp := client.DeleteOrganizationRequest(params)
  2915  //
  2916  //    err := req.Send()
  2917  //    if err == nil { // resp is now filled
  2918  //        fmt.Println(resp)
  2919  //    }
  2920  //
  2921  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
  2922  func (c *Organizations) DeleteOrganizationRequest(input *DeleteOrganizationInput) (req *request.Request, output *DeleteOrganizationOutput) {
  2923  	op := &request.Operation{
  2924  		Name:       opDeleteOrganization,
  2925  		HTTPMethod: "POST",
  2926  		HTTPPath:   "/",
  2927  	}
  2928  
  2929  	if input == nil {
  2930  		input = &DeleteOrganizationInput{}
  2931  	}
  2932  
  2933  	output = &DeleteOrganizationOutput{}
  2934  	req = c.newRequest(op, input, output)
  2935  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  2936  	return
  2937  }
  2938  
  2939  // DeleteOrganization API operation for AWS Organizations.
  2940  //
  2941  // Deletes the organization. You can delete an organization only by using credentials
  2942  // from the management account. The organization must be empty of member accounts.
  2943  //
  2944  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  2945  // with awserr.Error's Code and Message methods to get detailed information about
  2946  // the error.
  2947  //
  2948  // See the AWS API reference guide for AWS Organizations's
  2949  // API operation DeleteOrganization for usage and error information.
  2950  //
  2951  // Returned Error Types:
  2952  //   * AccessDeniedException
  2953  //   You don't have permissions to perform the requested operation. The user or
  2954  //   role that is making the request must have at least one IAM permissions policy
  2955  //   attached that grants the required permissions. For more information, see
  2956  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  2957  //   in the IAM User Guide.
  2958  //
  2959  //   * AWSOrganizationsNotInUseException
  2960  //   Your account isn't a member of an organization. To make this request, you
  2961  //   must use the credentials of an account that belongs to an organization.
  2962  //
  2963  //   * ConcurrentModificationException
  2964  //   The target of the operation is currently being modified by a different request.
  2965  //   Try again later.
  2966  //
  2967  //   * InvalidInputException
  2968  //   The requested operation failed because you provided invalid values for one
  2969  //   or more of the request parameters. This exception includes a reason that
  2970  //   contains additional information about the violated limit:
  2971  //
  2972  //   Some of the reasons in the following list might not be applicable to this
  2973  //   specific API or operation.
  2974  //
  2975  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  2976  //      the same entity.
  2977  //
  2978  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  2979  //      can't be modified.
  2980  //
  2981  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  2982  //
  2983  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  2984  //      for the invited account owner.
  2985  //
  2986  //      * INVALID_ENUM: You specified an invalid value.
  2987  //
  2988  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  2989  //
  2990  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  2991  //      characters.
  2992  //
  2993  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  2994  //      at least one invalid value.
  2995  //
  2996  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  2997  //      from the response to a previous call of the operation.
  2998  //
  2999  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  3000  //      organization, or email) as a party.
  3001  //
  3002  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  3003  //      pattern.
  3004  //
  3005  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  3006  //      match the required pattern.
  3007  //
  3008  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  3009  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  3010  //
  3011  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  3012  //      Name (ARN) for the organization.
  3013  //
  3014  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  3015  //
  3016  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  3017  //      tag. You can’t add, edit, or delete system tag keys because they're
  3018  //      reserved for AWS use. System tags don’t count against your tags per
  3019  //      resource limit.
  3020  //
  3021  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  3022  //      for the operation.
  3023  //
  3024  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  3025  //      than allowed.
  3026  //
  3027  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  3028  //      value than allowed.
  3029  //
  3030  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  3031  //      than allowed.
  3032  //
  3033  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  3034  //      value than allowed.
  3035  //
  3036  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  3037  //      between entities in the same root.
  3038  //
  3039  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  3040  //      target entity.
  3041  //
  3042  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  3043  //      isn't recognized.
  3044  //
  3045  //   * OrganizationNotEmptyException
  3046  //   The organization isn't empty. To delete an organization, you must first remove
  3047  //   all accounts except the management account, delete all OUs, and delete all
  3048  //   policies.
  3049  //
  3050  //   * ServiceException
  3051  //   AWS Organizations can't complete your request because of an internal service
  3052  //   error. Try again later.
  3053  //
  3054  //   * TooManyRequestsException
  3055  //   You have sent too many requests in too short a period of time. The quota
  3056  //   helps protect against denial-of-service attacks. Try again later.
  3057  //
  3058  //   For information about quotas that affect AWS Organizations, see Quotas for
  3059  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  3060  //   the AWS Organizations User Guide.
  3061  //
  3062  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganization
  3063  func (c *Organizations) DeleteOrganization(input *DeleteOrganizationInput) (*DeleteOrganizationOutput, error) {
  3064  	req, out := c.DeleteOrganizationRequest(input)
  3065  	return out, req.Send()
  3066  }
  3067  
  3068  // DeleteOrganizationWithContext is the same as DeleteOrganization with the addition of
  3069  // the ability to pass a context and additional request options.
  3070  //
  3071  // See DeleteOrganization for details on how to use this API operation.
  3072  //
  3073  // The context must be non-nil and will be used for request cancellation. If
  3074  // the context is nil a panic will occur. In the future the SDK may create
  3075  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  3076  // for more information on using Contexts.
  3077  func (c *Organizations) DeleteOrganizationWithContext(ctx aws.Context, input *DeleteOrganizationInput, opts ...request.Option) (*DeleteOrganizationOutput, error) {
  3078  	req, out := c.DeleteOrganizationRequest(input)
  3079  	req.SetContext(ctx)
  3080  	req.ApplyOptions(opts...)
  3081  	return out, req.Send()
  3082  }
  3083  
  3084  const opDeleteOrganizationalUnit = "DeleteOrganizationalUnit"
  3085  
  3086  // DeleteOrganizationalUnitRequest generates a "aws/request.Request" representing the
  3087  // client's request for the DeleteOrganizationalUnit operation. The "output" return
  3088  // value will be populated with the request's response once the request completes
  3089  // successfully.
  3090  //
  3091  // Use "Send" method on the returned Request to send the API call to the service.
  3092  // the "output" return value is not valid until after Send returns without error.
  3093  //
  3094  // See DeleteOrganizationalUnit for more information on using the DeleteOrganizationalUnit
  3095  // API call, and error handling.
  3096  //
  3097  // This method is useful when you want to inject custom logic or configuration
  3098  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  3099  //
  3100  //
  3101  //    // Example sending a request using the DeleteOrganizationalUnitRequest method.
  3102  //    req, resp := client.DeleteOrganizationalUnitRequest(params)
  3103  //
  3104  //    err := req.Send()
  3105  //    if err == nil { // resp is now filled
  3106  //        fmt.Println(resp)
  3107  //    }
  3108  //
  3109  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
  3110  func (c *Organizations) DeleteOrganizationalUnitRequest(input *DeleteOrganizationalUnitInput) (req *request.Request, output *DeleteOrganizationalUnitOutput) {
  3111  	op := &request.Operation{
  3112  		Name:       opDeleteOrganizationalUnit,
  3113  		HTTPMethod: "POST",
  3114  		HTTPPath:   "/",
  3115  	}
  3116  
  3117  	if input == nil {
  3118  		input = &DeleteOrganizationalUnitInput{}
  3119  	}
  3120  
  3121  	output = &DeleteOrganizationalUnitOutput{}
  3122  	req = c.newRequest(op, input, output)
  3123  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  3124  	return
  3125  }
  3126  
  3127  // DeleteOrganizationalUnit API operation for AWS Organizations.
  3128  //
  3129  // Deletes an organizational unit (OU) from a root or another OU. You must first
  3130  // remove all accounts and child OUs from the OU that you want to delete.
  3131  //
  3132  // This operation can be called only from the organization's management account.
  3133  //
  3134  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  3135  // with awserr.Error's Code and Message methods to get detailed information about
  3136  // the error.
  3137  //
  3138  // See the AWS API reference guide for AWS Organizations's
  3139  // API operation DeleteOrganizationalUnit for usage and error information.
  3140  //
  3141  // Returned Error Types:
  3142  //   * AccessDeniedException
  3143  //   You don't have permissions to perform the requested operation. The user or
  3144  //   role that is making the request must have at least one IAM permissions policy
  3145  //   attached that grants the required permissions. For more information, see
  3146  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  3147  //   in the IAM User Guide.
  3148  //
  3149  //   * AWSOrganizationsNotInUseException
  3150  //   Your account isn't a member of an organization. To make this request, you
  3151  //   must use the credentials of an account that belongs to an organization.
  3152  //
  3153  //   * ConcurrentModificationException
  3154  //   The target of the operation is currently being modified by a different request.
  3155  //   Try again later.
  3156  //
  3157  //   * InvalidInputException
  3158  //   The requested operation failed because you provided invalid values for one
  3159  //   or more of the request parameters. This exception includes a reason that
  3160  //   contains additional information about the violated limit:
  3161  //
  3162  //   Some of the reasons in the following list might not be applicable to this
  3163  //   specific API or operation.
  3164  //
  3165  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  3166  //      the same entity.
  3167  //
  3168  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  3169  //      can't be modified.
  3170  //
  3171  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  3172  //
  3173  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  3174  //      for the invited account owner.
  3175  //
  3176  //      * INVALID_ENUM: You specified an invalid value.
  3177  //
  3178  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  3179  //
  3180  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  3181  //      characters.
  3182  //
  3183  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  3184  //      at least one invalid value.
  3185  //
  3186  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  3187  //      from the response to a previous call of the operation.
  3188  //
  3189  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  3190  //      organization, or email) as a party.
  3191  //
  3192  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  3193  //      pattern.
  3194  //
  3195  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  3196  //      match the required pattern.
  3197  //
  3198  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  3199  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  3200  //
  3201  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  3202  //      Name (ARN) for the organization.
  3203  //
  3204  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  3205  //
  3206  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  3207  //      tag. You can’t add, edit, or delete system tag keys because they're
  3208  //      reserved for AWS use. System tags don’t count against your tags per
  3209  //      resource limit.
  3210  //
  3211  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  3212  //      for the operation.
  3213  //
  3214  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  3215  //      than allowed.
  3216  //
  3217  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  3218  //      value than allowed.
  3219  //
  3220  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  3221  //      than allowed.
  3222  //
  3223  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  3224  //      value than allowed.
  3225  //
  3226  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  3227  //      between entities in the same root.
  3228  //
  3229  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  3230  //      target entity.
  3231  //
  3232  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  3233  //      isn't recognized.
  3234  //
  3235  //   * OrganizationalUnitNotEmptyException
  3236  //   The specified OU is not empty. Move all accounts to another root or to other
  3237  //   OUs, remove all child OUs, and try the operation again.
  3238  //
  3239  //   * OrganizationalUnitNotFoundException
  3240  //   We can't find an OU with the OrganizationalUnitId that you specified.
  3241  //
  3242  //   * ServiceException
  3243  //   AWS Organizations can't complete your request because of an internal service
  3244  //   error. Try again later.
  3245  //
  3246  //   * TooManyRequestsException
  3247  //   You have sent too many requests in too short a period of time. The quota
  3248  //   helps protect against denial-of-service attacks. Try again later.
  3249  //
  3250  //   For information about quotas that affect AWS Organizations, see Quotas for
  3251  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  3252  //   the AWS Organizations User Guide.
  3253  //
  3254  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeleteOrganizationalUnit
  3255  func (c *Organizations) DeleteOrganizationalUnit(input *DeleteOrganizationalUnitInput) (*DeleteOrganizationalUnitOutput, error) {
  3256  	req, out := c.DeleteOrganizationalUnitRequest(input)
  3257  	return out, req.Send()
  3258  }
  3259  
  3260  // DeleteOrganizationalUnitWithContext is the same as DeleteOrganizationalUnit with the addition of
  3261  // the ability to pass a context and additional request options.
  3262  //
  3263  // See DeleteOrganizationalUnit for details on how to use this API operation.
  3264  //
  3265  // The context must be non-nil and will be used for request cancellation. If
  3266  // the context is nil a panic will occur. In the future the SDK may create
  3267  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  3268  // for more information on using Contexts.
  3269  func (c *Organizations) DeleteOrganizationalUnitWithContext(ctx aws.Context, input *DeleteOrganizationalUnitInput, opts ...request.Option) (*DeleteOrganizationalUnitOutput, error) {
  3270  	req, out := c.DeleteOrganizationalUnitRequest(input)
  3271  	req.SetContext(ctx)
  3272  	req.ApplyOptions(opts...)
  3273  	return out, req.Send()
  3274  }
  3275  
  3276  const opDeletePolicy = "DeletePolicy"
  3277  
  3278  // DeletePolicyRequest generates a "aws/request.Request" representing the
  3279  // client's request for the DeletePolicy operation. The "output" return
  3280  // value will be populated with the request's response once the request completes
  3281  // successfully.
  3282  //
  3283  // Use "Send" method on the returned Request to send the API call to the service.
  3284  // the "output" return value is not valid until after Send returns without error.
  3285  //
  3286  // See DeletePolicy for more information on using the DeletePolicy
  3287  // API call, and error handling.
  3288  //
  3289  // This method is useful when you want to inject custom logic or configuration
  3290  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  3291  //
  3292  //
  3293  //    // Example sending a request using the DeletePolicyRequest method.
  3294  //    req, resp := client.DeletePolicyRequest(params)
  3295  //
  3296  //    err := req.Send()
  3297  //    if err == nil { // resp is now filled
  3298  //        fmt.Println(resp)
  3299  //    }
  3300  //
  3301  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
  3302  func (c *Organizations) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) {
  3303  	op := &request.Operation{
  3304  		Name:       opDeletePolicy,
  3305  		HTTPMethod: "POST",
  3306  		HTTPPath:   "/",
  3307  	}
  3308  
  3309  	if input == nil {
  3310  		input = &DeletePolicyInput{}
  3311  	}
  3312  
  3313  	output = &DeletePolicyOutput{}
  3314  	req = c.newRequest(op, input, output)
  3315  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  3316  	return
  3317  }
  3318  
  3319  // DeletePolicy API operation for AWS Organizations.
  3320  //
  3321  // Deletes the specified policy from your organization. Before you perform this
  3322  // operation, you must first detach the policy from all organizational units
  3323  // (OUs), roots, and accounts.
  3324  //
  3325  // This operation can be called only from the organization's management account.
  3326  //
  3327  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  3328  // with awserr.Error's Code and Message methods to get detailed information about
  3329  // the error.
  3330  //
  3331  // See the AWS API reference guide for AWS Organizations's
  3332  // API operation DeletePolicy for usage and error information.
  3333  //
  3334  // Returned Error Types:
  3335  //   * AccessDeniedException
  3336  //   You don't have permissions to perform the requested operation. The user or
  3337  //   role that is making the request must have at least one IAM permissions policy
  3338  //   attached that grants the required permissions. For more information, see
  3339  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  3340  //   in the IAM User Guide.
  3341  //
  3342  //   * AWSOrganizationsNotInUseException
  3343  //   Your account isn't a member of an organization. To make this request, you
  3344  //   must use the credentials of an account that belongs to an organization.
  3345  //
  3346  //   * ConcurrentModificationException
  3347  //   The target of the operation is currently being modified by a different request.
  3348  //   Try again later.
  3349  //
  3350  //   * InvalidInputException
  3351  //   The requested operation failed because you provided invalid values for one
  3352  //   or more of the request parameters. This exception includes a reason that
  3353  //   contains additional information about the violated limit:
  3354  //
  3355  //   Some of the reasons in the following list might not be applicable to this
  3356  //   specific API or operation.
  3357  //
  3358  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  3359  //      the same entity.
  3360  //
  3361  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  3362  //      can't be modified.
  3363  //
  3364  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  3365  //
  3366  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  3367  //      for the invited account owner.
  3368  //
  3369  //      * INVALID_ENUM: You specified an invalid value.
  3370  //
  3371  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  3372  //
  3373  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  3374  //      characters.
  3375  //
  3376  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  3377  //      at least one invalid value.
  3378  //
  3379  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  3380  //      from the response to a previous call of the operation.
  3381  //
  3382  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  3383  //      organization, or email) as a party.
  3384  //
  3385  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  3386  //      pattern.
  3387  //
  3388  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  3389  //      match the required pattern.
  3390  //
  3391  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  3392  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  3393  //
  3394  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  3395  //      Name (ARN) for the organization.
  3396  //
  3397  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  3398  //
  3399  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  3400  //      tag. You can’t add, edit, or delete system tag keys because they're
  3401  //      reserved for AWS use. System tags don’t count against your tags per
  3402  //      resource limit.
  3403  //
  3404  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  3405  //      for the operation.
  3406  //
  3407  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  3408  //      than allowed.
  3409  //
  3410  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  3411  //      value than allowed.
  3412  //
  3413  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  3414  //      than allowed.
  3415  //
  3416  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  3417  //      value than allowed.
  3418  //
  3419  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  3420  //      between entities in the same root.
  3421  //
  3422  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  3423  //      target entity.
  3424  //
  3425  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  3426  //      isn't recognized.
  3427  //
  3428  //   * PolicyInUseException
  3429  //   The policy is attached to one or more entities. You must detach it from all
  3430  //   roots, OUs, and accounts before performing this operation.
  3431  //
  3432  //   * PolicyNotFoundException
  3433  //   We can't find a policy with the PolicyId that you specified.
  3434  //
  3435  //   * ServiceException
  3436  //   AWS Organizations can't complete your request because of an internal service
  3437  //   error. Try again later.
  3438  //
  3439  //   * TooManyRequestsException
  3440  //   You have sent too many requests in too short a period of time. The quota
  3441  //   helps protect against denial-of-service attacks. Try again later.
  3442  //
  3443  //   For information about quotas that affect AWS Organizations, see Quotas for
  3444  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  3445  //   the AWS Organizations User Guide.
  3446  //
  3447  //   * UnsupportedAPIEndpointException
  3448  //   This action isn't available in the current AWS Region.
  3449  //
  3450  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeletePolicy
  3451  func (c *Organizations) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) {
  3452  	req, out := c.DeletePolicyRequest(input)
  3453  	return out, req.Send()
  3454  }
  3455  
  3456  // DeletePolicyWithContext is the same as DeletePolicy with the addition of
  3457  // the ability to pass a context and additional request options.
  3458  //
  3459  // See DeletePolicy for details on how to use this API operation.
  3460  //
  3461  // The context must be non-nil and will be used for request cancellation. If
  3462  // the context is nil a panic will occur. In the future the SDK may create
  3463  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  3464  // for more information on using Contexts.
  3465  func (c *Organizations) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) {
  3466  	req, out := c.DeletePolicyRequest(input)
  3467  	req.SetContext(ctx)
  3468  	req.ApplyOptions(opts...)
  3469  	return out, req.Send()
  3470  }
  3471  
  3472  const opDeregisterDelegatedAdministrator = "DeregisterDelegatedAdministrator"
  3473  
  3474  // DeregisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
  3475  // client's request for the DeregisterDelegatedAdministrator operation. The "output" return
  3476  // value will be populated with the request's response once the request completes
  3477  // successfully.
  3478  //
  3479  // Use "Send" method on the returned Request to send the API call to the service.
  3480  // the "output" return value is not valid until after Send returns without error.
  3481  //
  3482  // See DeregisterDelegatedAdministrator for more information on using the DeregisterDelegatedAdministrator
  3483  // API call, and error handling.
  3484  //
  3485  // This method is useful when you want to inject custom logic or configuration
  3486  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  3487  //
  3488  //
  3489  //    // Example sending a request using the DeregisterDelegatedAdministratorRequest method.
  3490  //    req, resp := client.DeregisterDelegatedAdministratorRequest(params)
  3491  //
  3492  //    err := req.Send()
  3493  //    if err == nil { // resp is now filled
  3494  //        fmt.Println(resp)
  3495  //    }
  3496  //
  3497  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
  3498  func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *DeregisterDelegatedAdministratorInput) (req *request.Request, output *DeregisterDelegatedAdministratorOutput) {
  3499  	op := &request.Operation{
  3500  		Name:       opDeregisterDelegatedAdministrator,
  3501  		HTTPMethod: "POST",
  3502  		HTTPPath:   "/",
  3503  	}
  3504  
  3505  	if input == nil {
  3506  		input = &DeregisterDelegatedAdministratorInput{}
  3507  	}
  3508  
  3509  	output = &DeregisterDelegatedAdministratorOutput{}
  3510  	req = c.newRequest(op, input, output)
  3511  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  3512  	return
  3513  }
  3514  
  3515  // DeregisterDelegatedAdministrator API operation for AWS Organizations.
  3516  //
  3517  // Removes the specified member AWS account as a delegated administrator for
  3518  // the specified AWS service.
  3519  //
  3520  // Deregistering a delegated administrator can have unintended impacts on the
  3521  // functionality of the enabled AWS service. See the documentation for the enabled
  3522  // service before you deregister a delegated administrator so that you understand
  3523  // any potential impacts.
  3524  //
  3525  // You can run this action only for AWS services that support this feature.
  3526  // For a current list of services that support it, see the column Supports Delegated
  3527  // Administrator in the table at AWS Services that you can use with AWS Organizations
  3528  // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
  3529  // in the AWS Organizations User Guide.
  3530  //
  3531  // This operation can be called only from the organization's management account.
  3532  //
  3533  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  3534  // with awserr.Error's Code and Message methods to get detailed information about
  3535  // the error.
  3536  //
  3537  // See the AWS API reference guide for AWS Organizations's
  3538  // API operation DeregisterDelegatedAdministrator for usage and error information.
  3539  //
  3540  // Returned Error Types:
  3541  //   * AccessDeniedException
  3542  //   You don't have permissions to perform the requested operation. The user or
  3543  //   role that is making the request must have at least one IAM permissions policy
  3544  //   attached that grants the required permissions. For more information, see
  3545  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  3546  //   in the IAM User Guide.
  3547  //
  3548  //   * AccountNotFoundException
  3549  //   We can't find an AWS account with the AccountId that you specified, or the
  3550  //   account whose credentials you used to make this request isn't a member of
  3551  //   an organization.
  3552  //
  3553  //   * AccountNotRegisteredException
  3554  //   The specified account is not a delegated administrator for this AWS service.
  3555  //
  3556  //   * AWSOrganizationsNotInUseException
  3557  //   Your account isn't a member of an organization. To make this request, you
  3558  //   must use the credentials of an account that belongs to an organization.
  3559  //
  3560  //   * ConcurrentModificationException
  3561  //   The target of the operation is currently being modified by a different request.
  3562  //   Try again later.
  3563  //
  3564  //   * ConstraintViolationException
  3565  //   Performing this operation violates a minimum or maximum value limit. For
  3566  //   example, attempting to remove the last service control policy (SCP) from
  3567  //   an OU or root, inviting or creating too many accounts to the organization,
  3568  //   or attaching too many policies to an account, OU, or root. This exception
  3569  //   includes a reason that contains additional information about the violated
  3570  //   limit:
  3571  //
  3572  //   Some of the reasons in the following list might not be applicable to this
  3573  //   specific API or operation.
  3574  //
  3575  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  3576  //      account from the organization. You can't remove the management account.
  3577  //      Instead, after you remove all member accounts, delete the organization
  3578  //      itself.
  3579  //
  3580  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  3581  //      from the organization that doesn't yet have enough information to exist
  3582  //      as a standalone account. This account requires you to first agree to the
  3583  //      AWS Customer Agreement. Follow the steps at Removing a member account
  3584  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  3585  //      the AWS Organizations User Guide.
  3586  //
  3587  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  3588  //      an account from the organization that doesn't yet have enough information
  3589  //      to exist as a standalone account. This account requires you to first complete
  3590  //      phone verification. Follow the steps at Removing a member account from
  3591  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  3592  //      in the AWS Organizations User Guide.
  3593  //
  3594  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  3595  //      of accounts that you can create in one day.
  3596  //
  3597  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  3598  //      the number of accounts in an organization. If you need more accounts,
  3599  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  3600  //      request an increase in your limit. Or the number of invitations that you
  3601  //      tried to send would cause you to exceed the limit of accounts in your
  3602  //      organization. Send fewer invitations or contact AWS Support to request
  3603  //      an increase in the number of accounts. Deleted and closed accounts still
  3604  //      count toward your limit. If you get this exception when running a command
  3605  //      immediately after creating the organization, wait one hour and try again.
  3606  //      After an hour, if the command continues to fail with this error, contact
  3607  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  3608  //
  3609  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  3610  //      register the management account of the organization as a delegated administrator
  3611  //      for an AWS service integrated with Organizations. You can designate only
  3612  //      a member account as a delegated administrator.
  3613  //
  3614  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  3615  //      an account that is registered as a delegated administrator for a service
  3616  //      integrated with your organization. To complete this operation, you must
  3617  //      first deregister this account as a delegated administrator.
  3618  //
  3619  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  3620  //      organization in the specified region, you must enable all features mode.
  3621  //
  3622  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  3623  //      an AWS account as a delegated administrator for an AWS service that already
  3624  //      has a delegated administrator. To complete this operation, you must first
  3625  //      deregister any existing delegated administrators for this service.
  3626  //
  3627  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  3628  //      valid for a limited period of time. You must resubmit the request and
  3629  //      generate a new verfication code.
  3630  //
  3631  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  3632  //      handshakes that you can send in one day.
  3633  //
  3634  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  3635  //      in this organization, you first must migrate the organization's management
  3636  //      account to the marketplace that corresponds to the management account's
  3637  //      address. For example, accounts with India addresses must be associated
  3638  //      with the AISPL marketplace. All accounts in an organization must be associated
  3639  //      with the same marketplace.
  3640  //
  3641  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  3642  //      in China. To create an organization, the master must have a valid business
  3643  //      license. For more information, contact customer support.
  3644  //
  3645  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  3646  //      must first provide a valid contact address and phone number for the management
  3647  //      account. Then try the operation again.
  3648  //
  3649  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  3650  //      management account must have an associated account in the AWS GovCloud
  3651  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  3652  //      in the AWS GovCloud User Guide.
  3653  //
  3654  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  3655  //      with this management account, you first must associate a valid payment
  3656  //      instrument, such as a credit card, with the account. Follow the steps
  3657  //      at To leave an organization when all required account information has
  3658  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  3659  //      in the AWS Organizations User Guide.
  3660  //
  3661  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  3662  //      to register more delegated administrators than allowed for the service
  3663  //      principal.
  3664  //
  3665  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  3666  //      number of policies of a certain type that can be attached to an entity
  3667  //      at one time.
  3668  //
  3669  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  3670  //      on this resource.
  3671  //
  3672  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  3673  //      with this member account, you first must associate a valid payment instrument,
  3674  //      such as a credit card, with the account. Follow the steps at To leave
  3675  //      an organization when all required account information has not yet been
  3676  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  3677  //      in the AWS Organizations User Guide.
  3678  //
  3679  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  3680  //      policy from an entity that would cause the entity to have fewer than the
  3681  //      minimum number of policies of a certain type required.
  3682  //
  3683  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  3684  //      that requires the organization to be configured to support all features.
  3685  //      An organization that supports only consolidated billing features can't
  3686  //      perform this operation.
  3687  //
  3688  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  3689  //      too many levels deep.
  3690  //
  3691  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  3692  //      that you can have in an organization.
  3693  //
  3694  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  3695  //      is larger than the maximum size.
  3696  //
  3697  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  3698  //      policies that you can have in an organization.
  3699  //
  3700  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  3701  //      tags that are not compliant with the tag policy requirements for this
  3702  //      account.
  3703  //
  3704  //   * InvalidInputException
  3705  //   The requested operation failed because you provided invalid values for one
  3706  //   or more of the request parameters. This exception includes a reason that
  3707  //   contains additional information about the violated limit:
  3708  //
  3709  //   Some of the reasons in the following list might not be applicable to this
  3710  //   specific API or operation.
  3711  //
  3712  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  3713  //      the same entity.
  3714  //
  3715  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  3716  //      can't be modified.
  3717  //
  3718  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  3719  //
  3720  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  3721  //      for the invited account owner.
  3722  //
  3723  //      * INVALID_ENUM: You specified an invalid value.
  3724  //
  3725  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  3726  //
  3727  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  3728  //      characters.
  3729  //
  3730  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  3731  //      at least one invalid value.
  3732  //
  3733  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  3734  //      from the response to a previous call of the operation.
  3735  //
  3736  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  3737  //      organization, or email) as a party.
  3738  //
  3739  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  3740  //      pattern.
  3741  //
  3742  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  3743  //      match the required pattern.
  3744  //
  3745  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  3746  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  3747  //
  3748  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  3749  //      Name (ARN) for the organization.
  3750  //
  3751  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  3752  //
  3753  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  3754  //      tag. You can’t add, edit, or delete system tag keys because they're
  3755  //      reserved for AWS use. System tags don’t count against your tags per
  3756  //      resource limit.
  3757  //
  3758  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  3759  //      for the operation.
  3760  //
  3761  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  3762  //      than allowed.
  3763  //
  3764  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  3765  //      value than allowed.
  3766  //
  3767  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  3768  //      than allowed.
  3769  //
  3770  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  3771  //      value than allowed.
  3772  //
  3773  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  3774  //      between entities in the same root.
  3775  //
  3776  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  3777  //      target entity.
  3778  //
  3779  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  3780  //      isn't recognized.
  3781  //
  3782  //   * TooManyRequestsException
  3783  //   You have sent too many requests in too short a period of time. The quota
  3784  //   helps protect against denial-of-service attacks. Try again later.
  3785  //
  3786  //   For information about quotas that affect AWS Organizations, see Quotas for
  3787  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  3788  //   the AWS Organizations User Guide.
  3789  //
  3790  //   * ServiceException
  3791  //   AWS Organizations can't complete your request because of an internal service
  3792  //   error. Try again later.
  3793  //
  3794  //   * UnsupportedAPIEndpointException
  3795  //   This action isn't available in the current AWS Region.
  3796  //
  3797  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DeregisterDelegatedAdministrator
  3798  func (c *Organizations) DeregisterDelegatedAdministrator(input *DeregisterDelegatedAdministratorInput) (*DeregisterDelegatedAdministratorOutput, error) {
  3799  	req, out := c.DeregisterDelegatedAdministratorRequest(input)
  3800  	return out, req.Send()
  3801  }
  3802  
  3803  // DeregisterDelegatedAdministratorWithContext is the same as DeregisterDelegatedAdministrator with the addition of
  3804  // the ability to pass a context and additional request options.
  3805  //
  3806  // See DeregisterDelegatedAdministrator for details on how to use this API operation.
  3807  //
  3808  // The context must be non-nil and will be used for request cancellation. If
  3809  // the context is nil a panic will occur. In the future the SDK may create
  3810  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  3811  // for more information on using Contexts.
  3812  func (c *Organizations) DeregisterDelegatedAdministratorWithContext(ctx aws.Context, input *DeregisterDelegatedAdministratorInput, opts ...request.Option) (*DeregisterDelegatedAdministratorOutput, error) {
  3813  	req, out := c.DeregisterDelegatedAdministratorRequest(input)
  3814  	req.SetContext(ctx)
  3815  	req.ApplyOptions(opts...)
  3816  	return out, req.Send()
  3817  }
  3818  
  3819  const opDescribeAccount = "DescribeAccount"
  3820  
  3821  // DescribeAccountRequest generates a "aws/request.Request" representing the
  3822  // client's request for the DescribeAccount operation. The "output" return
  3823  // value will be populated with the request's response once the request completes
  3824  // successfully.
  3825  //
  3826  // Use "Send" method on the returned Request to send the API call to the service.
  3827  // the "output" return value is not valid until after Send returns without error.
  3828  //
  3829  // See DescribeAccount for more information on using the DescribeAccount
  3830  // API call, and error handling.
  3831  //
  3832  // This method is useful when you want to inject custom logic or configuration
  3833  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  3834  //
  3835  //
  3836  //    // Example sending a request using the DescribeAccountRequest method.
  3837  //    req, resp := client.DescribeAccountRequest(params)
  3838  //
  3839  //    err := req.Send()
  3840  //    if err == nil { // resp is now filled
  3841  //        fmt.Println(resp)
  3842  //    }
  3843  //
  3844  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
  3845  func (c *Organizations) DescribeAccountRequest(input *DescribeAccountInput) (req *request.Request, output *DescribeAccountOutput) {
  3846  	op := &request.Operation{
  3847  		Name:       opDescribeAccount,
  3848  		HTTPMethod: "POST",
  3849  		HTTPPath:   "/",
  3850  	}
  3851  
  3852  	if input == nil {
  3853  		input = &DescribeAccountInput{}
  3854  	}
  3855  
  3856  	output = &DescribeAccountOutput{}
  3857  	req = c.newRequest(op, input, output)
  3858  	return
  3859  }
  3860  
  3861  // DescribeAccount API operation for AWS Organizations.
  3862  //
  3863  // Retrieves AWS Organizations-related information about the specified account.
  3864  //
  3865  // This operation can be called only from the organization's management account
  3866  // or by a member account that is a delegated administrator for an AWS service.
  3867  //
  3868  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  3869  // with awserr.Error's Code and Message methods to get detailed information about
  3870  // the error.
  3871  //
  3872  // See the AWS API reference guide for AWS Organizations's
  3873  // API operation DescribeAccount for usage and error information.
  3874  //
  3875  // Returned Error Types:
  3876  //   * AccessDeniedException
  3877  //   You don't have permissions to perform the requested operation. The user or
  3878  //   role that is making the request must have at least one IAM permissions policy
  3879  //   attached that grants the required permissions. For more information, see
  3880  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  3881  //   in the IAM User Guide.
  3882  //
  3883  //   * AccountNotFoundException
  3884  //   We can't find an AWS account with the AccountId that you specified, or the
  3885  //   account whose credentials you used to make this request isn't a member of
  3886  //   an organization.
  3887  //
  3888  //   * AWSOrganizationsNotInUseException
  3889  //   Your account isn't a member of an organization. To make this request, you
  3890  //   must use the credentials of an account that belongs to an organization.
  3891  //
  3892  //   * InvalidInputException
  3893  //   The requested operation failed because you provided invalid values for one
  3894  //   or more of the request parameters. This exception includes a reason that
  3895  //   contains additional information about the violated limit:
  3896  //
  3897  //   Some of the reasons in the following list might not be applicable to this
  3898  //   specific API or operation.
  3899  //
  3900  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  3901  //      the same entity.
  3902  //
  3903  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  3904  //      can't be modified.
  3905  //
  3906  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  3907  //
  3908  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  3909  //      for the invited account owner.
  3910  //
  3911  //      * INVALID_ENUM: You specified an invalid value.
  3912  //
  3913  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  3914  //
  3915  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  3916  //      characters.
  3917  //
  3918  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  3919  //      at least one invalid value.
  3920  //
  3921  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  3922  //      from the response to a previous call of the operation.
  3923  //
  3924  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  3925  //      organization, or email) as a party.
  3926  //
  3927  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  3928  //      pattern.
  3929  //
  3930  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  3931  //      match the required pattern.
  3932  //
  3933  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  3934  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  3935  //
  3936  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  3937  //      Name (ARN) for the organization.
  3938  //
  3939  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  3940  //
  3941  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  3942  //      tag. You can’t add, edit, or delete system tag keys because they're
  3943  //      reserved for AWS use. System tags don’t count against your tags per
  3944  //      resource limit.
  3945  //
  3946  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  3947  //      for the operation.
  3948  //
  3949  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  3950  //      than allowed.
  3951  //
  3952  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  3953  //      value than allowed.
  3954  //
  3955  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  3956  //      than allowed.
  3957  //
  3958  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  3959  //      value than allowed.
  3960  //
  3961  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  3962  //      between entities in the same root.
  3963  //
  3964  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  3965  //      target entity.
  3966  //
  3967  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  3968  //      isn't recognized.
  3969  //
  3970  //   * ServiceException
  3971  //   AWS Organizations can't complete your request because of an internal service
  3972  //   error. Try again later.
  3973  //
  3974  //   * TooManyRequestsException
  3975  //   You have sent too many requests in too short a period of time. The quota
  3976  //   helps protect against denial-of-service attacks. Try again later.
  3977  //
  3978  //   For information about quotas that affect AWS Organizations, see Quotas for
  3979  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  3980  //   the AWS Organizations User Guide.
  3981  //
  3982  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeAccount
  3983  func (c *Organizations) DescribeAccount(input *DescribeAccountInput) (*DescribeAccountOutput, error) {
  3984  	req, out := c.DescribeAccountRequest(input)
  3985  	return out, req.Send()
  3986  }
  3987  
  3988  // DescribeAccountWithContext is the same as DescribeAccount with the addition of
  3989  // the ability to pass a context and additional request options.
  3990  //
  3991  // See DescribeAccount for details on how to use this API operation.
  3992  //
  3993  // The context must be non-nil and will be used for request cancellation. If
  3994  // the context is nil a panic will occur. In the future the SDK may create
  3995  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  3996  // for more information on using Contexts.
  3997  func (c *Organizations) DescribeAccountWithContext(ctx aws.Context, input *DescribeAccountInput, opts ...request.Option) (*DescribeAccountOutput, error) {
  3998  	req, out := c.DescribeAccountRequest(input)
  3999  	req.SetContext(ctx)
  4000  	req.ApplyOptions(opts...)
  4001  	return out, req.Send()
  4002  }
  4003  
  4004  const opDescribeCreateAccountStatus = "DescribeCreateAccountStatus"
  4005  
  4006  // DescribeCreateAccountStatusRequest generates a "aws/request.Request" representing the
  4007  // client's request for the DescribeCreateAccountStatus operation. The "output" return
  4008  // value will be populated with the request's response once the request completes
  4009  // successfully.
  4010  //
  4011  // Use "Send" method on the returned Request to send the API call to the service.
  4012  // the "output" return value is not valid until after Send returns without error.
  4013  //
  4014  // See DescribeCreateAccountStatus for more information on using the DescribeCreateAccountStatus
  4015  // API call, and error handling.
  4016  //
  4017  // This method is useful when you want to inject custom logic or configuration
  4018  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  4019  //
  4020  //
  4021  //    // Example sending a request using the DescribeCreateAccountStatusRequest method.
  4022  //    req, resp := client.DescribeCreateAccountStatusRequest(params)
  4023  //
  4024  //    err := req.Send()
  4025  //    if err == nil { // resp is now filled
  4026  //        fmt.Println(resp)
  4027  //    }
  4028  //
  4029  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
  4030  func (c *Organizations) DescribeCreateAccountStatusRequest(input *DescribeCreateAccountStatusInput) (req *request.Request, output *DescribeCreateAccountStatusOutput) {
  4031  	op := &request.Operation{
  4032  		Name:       opDescribeCreateAccountStatus,
  4033  		HTTPMethod: "POST",
  4034  		HTTPPath:   "/",
  4035  	}
  4036  
  4037  	if input == nil {
  4038  		input = &DescribeCreateAccountStatusInput{}
  4039  	}
  4040  
  4041  	output = &DescribeCreateAccountStatusOutput{}
  4042  	req = c.newRequest(op, input, output)
  4043  	return
  4044  }
  4045  
  4046  // DescribeCreateAccountStatus API operation for AWS Organizations.
  4047  //
  4048  // Retrieves the current status of an asynchronous request to create an account.
  4049  //
  4050  // This operation can be called only from the organization's management account
  4051  // or by a member account that is a delegated administrator for an AWS service.
  4052  //
  4053  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  4054  // with awserr.Error's Code and Message methods to get detailed information about
  4055  // the error.
  4056  //
  4057  // See the AWS API reference guide for AWS Organizations's
  4058  // API operation DescribeCreateAccountStatus for usage and error information.
  4059  //
  4060  // Returned Error Types:
  4061  //   * AccessDeniedException
  4062  //   You don't have permissions to perform the requested operation. The user or
  4063  //   role that is making the request must have at least one IAM permissions policy
  4064  //   attached that grants the required permissions. For more information, see
  4065  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  4066  //   in the IAM User Guide.
  4067  //
  4068  //   * AWSOrganizationsNotInUseException
  4069  //   Your account isn't a member of an organization. To make this request, you
  4070  //   must use the credentials of an account that belongs to an organization.
  4071  //
  4072  //   * CreateAccountStatusNotFoundException
  4073  //   We can't find an create account request with the CreateAccountRequestId that
  4074  //   you specified.
  4075  //
  4076  //   * InvalidInputException
  4077  //   The requested operation failed because you provided invalid values for one
  4078  //   or more of the request parameters. This exception includes a reason that
  4079  //   contains additional information about the violated limit:
  4080  //
  4081  //   Some of the reasons in the following list might not be applicable to this
  4082  //   specific API or operation.
  4083  //
  4084  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  4085  //      the same entity.
  4086  //
  4087  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  4088  //      can't be modified.
  4089  //
  4090  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  4091  //
  4092  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  4093  //      for the invited account owner.
  4094  //
  4095  //      * INVALID_ENUM: You specified an invalid value.
  4096  //
  4097  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  4098  //
  4099  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  4100  //      characters.
  4101  //
  4102  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  4103  //      at least one invalid value.
  4104  //
  4105  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  4106  //      from the response to a previous call of the operation.
  4107  //
  4108  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  4109  //      organization, or email) as a party.
  4110  //
  4111  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  4112  //      pattern.
  4113  //
  4114  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  4115  //      match the required pattern.
  4116  //
  4117  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  4118  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  4119  //
  4120  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  4121  //      Name (ARN) for the organization.
  4122  //
  4123  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  4124  //
  4125  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  4126  //      tag. You can’t add, edit, or delete system tag keys because they're
  4127  //      reserved for AWS use. System tags don’t count against your tags per
  4128  //      resource limit.
  4129  //
  4130  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  4131  //      for the operation.
  4132  //
  4133  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  4134  //      than allowed.
  4135  //
  4136  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  4137  //      value than allowed.
  4138  //
  4139  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  4140  //      than allowed.
  4141  //
  4142  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  4143  //      value than allowed.
  4144  //
  4145  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  4146  //      between entities in the same root.
  4147  //
  4148  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  4149  //      target entity.
  4150  //
  4151  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  4152  //      isn't recognized.
  4153  //
  4154  //   * ServiceException
  4155  //   AWS Organizations can't complete your request because of an internal service
  4156  //   error. Try again later.
  4157  //
  4158  //   * TooManyRequestsException
  4159  //   You have sent too many requests in too short a period of time. The quota
  4160  //   helps protect against denial-of-service attacks. Try again later.
  4161  //
  4162  //   For information about quotas that affect AWS Organizations, see Quotas for
  4163  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  4164  //   the AWS Organizations User Guide.
  4165  //
  4166  //   * UnsupportedAPIEndpointException
  4167  //   This action isn't available in the current AWS Region.
  4168  //
  4169  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeCreateAccountStatus
  4170  func (c *Organizations) DescribeCreateAccountStatus(input *DescribeCreateAccountStatusInput) (*DescribeCreateAccountStatusOutput, error) {
  4171  	req, out := c.DescribeCreateAccountStatusRequest(input)
  4172  	return out, req.Send()
  4173  }
  4174  
  4175  // DescribeCreateAccountStatusWithContext is the same as DescribeCreateAccountStatus with the addition of
  4176  // the ability to pass a context and additional request options.
  4177  //
  4178  // See DescribeCreateAccountStatus for details on how to use this API operation.
  4179  //
  4180  // The context must be non-nil and will be used for request cancellation. If
  4181  // the context is nil a panic will occur. In the future the SDK may create
  4182  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  4183  // for more information on using Contexts.
  4184  func (c *Organizations) DescribeCreateAccountStatusWithContext(ctx aws.Context, input *DescribeCreateAccountStatusInput, opts ...request.Option) (*DescribeCreateAccountStatusOutput, error) {
  4185  	req, out := c.DescribeCreateAccountStatusRequest(input)
  4186  	req.SetContext(ctx)
  4187  	req.ApplyOptions(opts...)
  4188  	return out, req.Send()
  4189  }
  4190  
  4191  const opDescribeEffectivePolicy = "DescribeEffectivePolicy"
  4192  
  4193  // DescribeEffectivePolicyRequest generates a "aws/request.Request" representing the
  4194  // client's request for the DescribeEffectivePolicy operation. The "output" return
  4195  // value will be populated with the request's response once the request completes
  4196  // successfully.
  4197  //
  4198  // Use "Send" method on the returned Request to send the API call to the service.
  4199  // the "output" return value is not valid until after Send returns without error.
  4200  //
  4201  // See DescribeEffectivePolicy for more information on using the DescribeEffectivePolicy
  4202  // API call, and error handling.
  4203  //
  4204  // This method is useful when you want to inject custom logic or configuration
  4205  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  4206  //
  4207  //
  4208  //    // Example sending a request using the DescribeEffectivePolicyRequest method.
  4209  //    req, resp := client.DescribeEffectivePolicyRequest(params)
  4210  //
  4211  //    err := req.Send()
  4212  //    if err == nil { // resp is now filled
  4213  //        fmt.Println(resp)
  4214  //    }
  4215  //
  4216  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
  4217  func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectivePolicyInput) (req *request.Request, output *DescribeEffectivePolicyOutput) {
  4218  	op := &request.Operation{
  4219  		Name:       opDescribeEffectivePolicy,
  4220  		HTTPMethod: "POST",
  4221  		HTTPPath:   "/",
  4222  	}
  4223  
  4224  	if input == nil {
  4225  		input = &DescribeEffectivePolicyInput{}
  4226  	}
  4227  
  4228  	output = &DescribeEffectivePolicyOutput{}
  4229  	req = c.newRequest(op, input, output)
  4230  	return
  4231  }
  4232  
  4233  // DescribeEffectivePolicy API operation for AWS Organizations.
  4234  //
  4235  // Returns the contents of the effective policy for specified policy type and
  4236  // account. The effective policy is the aggregation of any policies of the specified
  4237  // type that the account inherits, plus any policy of that type that is directly
  4238  // attached to the account.
  4239  //
  4240  // This operation applies only to policy types other than service control policies
  4241  // (SCPs).
  4242  //
  4243  // For more information about policy inheritance, see How Policy Inheritance
  4244  // Works (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies-inheritance.html)
  4245  // in the AWS Organizations User Guide.
  4246  //
  4247  // This operation can be called only from the organization's management account
  4248  // or by a member account that is a delegated administrator for an AWS service.
  4249  //
  4250  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  4251  // with awserr.Error's Code and Message methods to get detailed information about
  4252  // the error.
  4253  //
  4254  // See the AWS API reference guide for AWS Organizations's
  4255  // API operation DescribeEffectivePolicy for usage and error information.
  4256  //
  4257  // Returned Error Types:
  4258  //   * AccessDeniedException
  4259  //   You don't have permissions to perform the requested operation. The user or
  4260  //   role that is making the request must have at least one IAM permissions policy
  4261  //   attached that grants the required permissions. For more information, see
  4262  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  4263  //   in the IAM User Guide.
  4264  //
  4265  //   * AWSOrganizationsNotInUseException
  4266  //   Your account isn't a member of an organization. To make this request, you
  4267  //   must use the credentials of an account that belongs to an organization.
  4268  //
  4269  //   * ConstraintViolationException
  4270  //   Performing this operation violates a minimum or maximum value limit. For
  4271  //   example, attempting to remove the last service control policy (SCP) from
  4272  //   an OU or root, inviting or creating too many accounts to the organization,
  4273  //   or attaching too many policies to an account, OU, or root. This exception
  4274  //   includes a reason that contains additional information about the violated
  4275  //   limit:
  4276  //
  4277  //   Some of the reasons in the following list might not be applicable to this
  4278  //   specific API or operation.
  4279  //
  4280  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  4281  //      account from the organization. You can't remove the management account.
  4282  //      Instead, after you remove all member accounts, delete the organization
  4283  //      itself.
  4284  //
  4285  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  4286  //      from the organization that doesn't yet have enough information to exist
  4287  //      as a standalone account. This account requires you to first agree to the
  4288  //      AWS Customer Agreement. Follow the steps at Removing a member account
  4289  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  4290  //      the AWS Organizations User Guide.
  4291  //
  4292  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  4293  //      an account from the organization that doesn't yet have enough information
  4294  //      to exist as a standalone account. This account requires you to first complete
  4295  //      phone verification. Follow the steps at Removing a member account from
  4296  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  4297  //      in the AWS Organizations User Guide.
  4298  //
  4299  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  4300  //      of accounts that you can create in one day.
  4301  //
  4302  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  4303  //      the number of accounts in an organization. If you need more accounts,
  4304  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  4305  //      request an increase in your limit. Or the number of invitations that you
  4306  //      tried to send would cause you to exceed the limit of accounts in your
  4307  //      organization. Send fewer invitations or contact AWS Support to request
  4308  //      an increase in the number of accounts. Deleted and closed accounts still
  4309  //      count toward your limit. If you get this exception when running a command
  4310  //      immediately after creating the organization, wait one hour and try again.
  4311  //      After an hour, if the command continues to fail with this error, contact
  4312  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  4313  //
  4314  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  4315  //      register the management account of the organization as a delegated administrator
  4316  //      for an AWS service integrated with Organizations. You can designate only
  4317  //      a member account as a delegated administrator.
  4318  //
  4319  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  4320  //      an account that is registered as a delegated administrator for a service
  4321  //      integrated with your organization. To complete this operation, you must
  4322  //      first deregister this account as a delegated administrator.
  4323  //
  4324  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  4325  //      organization in the specified region, you must enable all features mode.
  4326  //
  4327  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  4328  //      an AWS account as a delegated administrator for an AWS service that already
  4329  //      has a delegated administrator. To complete this operation, you must first
  4330  //      deregister any existing delegated administrators for this service.
  4331  //
  4332  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  4333  //      valid for a limited period of time. You must resubmit the request and
  4334  //      generate a new verfication code.
  4335  //
  4336  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  4337  //      handshakes that you can send in one day.
  4338  //
  4339  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  4340  //      in this organization, you first must migrate the organization's management
  4341  //      account to the marketplace that corresponds to the management account's
  4342  //      address. For example, accounts with India addresses must be associated
  4343  //      with the AISPL marketplace. All accounts in an organization must be associated
  4344  //      with the same marketplace.
  4345  //
  4346  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  4347  //      in China. To create an organization, the master must have a valid business
  4348  //      license. For more information, contact customer support.
  4349  //
  4350  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  4351  //      must first provide a valid contact address and phone number for the management
  4352  //      account. Then try the operation again.
  4353  //
  4354  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  4355  //      management account must have an associated account in the AWS GovCloud
  4356  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  4357  //      in the AWS GovCloud User Guide.
  4358  //
  4359  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  4360  //      with this management account, you first must associate a valid payment
  4361  //      instrument, such as a credit card, with the account. Follow the steps
  4362  //      at To leave an organization when all required account information has
  4363  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  4364  //      in the AWS Organizations User Guide.
  4365  //
  4366  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  4367  //      to register more delegated administrators than allowed for the service
  4368  //      principal.
  4369  //
  4370  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  4371  //      number of policies of a certain type that can be attached to an entity
  4372  //      at one time.
  4373  //
  4374  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  4375  //      on this resource.
  4376  //
  4377  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  4378  //      with this member account, you first must associate a valid payment instrument,
  4379  //      such as a credit card, with the account. Follow the steps at To leave
  4380  //      an organization when all required account information has not yet been
  4381  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  4382  //      in the AWS Organizations User Guide.
  4383  //
  4384  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  4385  //      policy from an entity that would cause the entity to have fewer than the
  4386  //      minimum number of policies of a certain type required.
  4387  //
  4388  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  4389  //      that requires the organization to be configured to support all features.
  4390  //      An organization that supports only consolidated billing features can't
  4391  //      perform this operation.
  4392  //
  4393  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  4394  //      too many levels deep.
  4395  //
  4396  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  4397  //      that you can have in an organization.
  4398  //
  4399  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  4400  //      is larger than the maximum size.
  4401  //
  4402  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  4403  //      policies that you can have in an organization.
  4404  //
  4405  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  4406  //      tags that are not compliant with the tag policy requirements for this
  4407  //      account.
  4408  //
  4409  //   * ServiceException
  4410  //   AWS Organizations can't complete your request because of an internal service
  4411  //   error. Try again later.
  4412  //
  4413  //   * TooManyRequestsException
  4414  //   You have sent too many requests in too short a period of time. The quota
  4415  //   helps protect against denial-of-service attacks. Try again later.
  4416  //
  4417  //   For information about quotas that affect AWS Organizations, see Quotas for
  4418  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  4419  //   the AWS Organizations User Guide.
  4420  //
  4421  //   * TargetNotFoundException
  4422  //   We can't find a root, OU, account, or policy with the TargetId that you specified.
  4423  //
  4424  //   * EffectivePolicyNotFoundException
  4425  //   If you ran this action on the management account, this policy type is not
  4426  //   enabled. If you ran the action on a member account, the account doesn't have
  4427  //   an effective policy of this type. Contact the administrator of your organization
  4428  //   about attaching a policy of this type to the account.
  4429  //
  4430  //   * InvalidInputException
  4431  //   The requested operation failed because you provided invalid values for one
  4432  //   or more of the request parameters. This exception includes a reason that
  4433  //   contains additional information about the violated limit:
  4434  //
  4435  //   Some of the reasons in the following list might not be applicable to this
  4436  //   specific API or operation.
  4437  //
  4438  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  4439  //      the same entity.
  4440  //
  4441  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  4442  //      can't be modified.
  4443  //
  4444  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  4445  //
  4446  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  4447  //      for the invited account owner.
  4448  //
  4449  //      * INVALID_ENUM: You specified an invalid value.
  4450  //
  4451  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  4452  //
  4453  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  4454  //      characters.
  4455  //
  4456  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  4457  //      at least one invalid value.
  4458  //
  4459  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  4460  //      from the response to a previous call of the operation.
  4461  //
  4462  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  4463  //      organization, or email) as a party.
  4464  //
  4465  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  4466  //      pattern.
  4467  //
  4468  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  4469  //      match the required pattern.
  4470  //
  4471  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  4472  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  4473  //
  4474  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  4475  //      Name (ARN) for the organization.
  4476  //
  4477  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  4478  //
  4479  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  4480  //      tag. You can’t add, edit, or delete system tag keys because they're
  4481  //      reserved for AWS use. System tags don’t count against your tags per
  4482  //      resource limit.
  4483  //
  4484  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  4485  //      for the operation.
  4486  //
  4487  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  4488  //      than allowed.
  4489  //
  4490  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  4491  //      value than allowed.
  4492  //
  4493  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  4494  //      than allowed.
  4495  //
  4496  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  4497  //      value than allowed.
  4498  //
  4499  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  4500  //      between entities in the same root.
  4501  //
  4502  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  4503  //      target entity.
  4504  //
  4505  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  4506  //      isn't recognized.
  4507  //
  4508  //   * UnsupportedAPIEndpointException
  4509  //   This action isn't available in the current AWS Region.
  4510  //
  4511  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeEffectivePolicy
  4512  func (c *Organizations) DescribeEffectivePolicy(input *DescribeEffectivePolicyInput) (*DescribeEffectivePolicyOutput, error) {
  4513  	req, out := c.DescribeEffectivePolicyRequest(input)
  4514  	return out, req.Send()
  4515  }
  4516  
  4517  // DescribeEffectivePolicyWithContext is the same as DescribeEffectivePolicy with the addition of
  4518  // the ability to pass a context and additional request options.
  4519  //
  4520  // See DescribeEffectivePolicy for details on how to use this API operation.
  4521  //
  4522  // The context must be non-nil and will be used for request cancellation. If
  4523  // the context is nil a panic will occur. In the future the SDK may create
  4524  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  4525  // for more information on using Contexts.
  4526  func (c *Organizations) DescribeEffectivePolicyWithContext(ctx aws.Context, input *DescribeEffectivePolicyInput, opts ...request.Option) (*DescribeEffectivePolicyOutput, error) {
  4527  	req, out := c.DescribeEffectivePolicyRequest(input)
  4528  	req.SetContext(ctx)
  4529  	req.ApplyOptions(opts...)
  4530  	return out, req.Send()
  4531  }
  4532  
  4533  const opDescribeHandshake = "DescribeHandshake"
  4534  
  4535  // DescribeHandshakeRequest generates a "aws/request.Request" representing the
  4536  // client's request for the DescribeHandshake operation. The "output" return
  4537  // value will be populated with the request's response once the request completes
  4538  // successfully.
  4539  //
  4540  // Use "Send" method on the returned Request to send the API call to the service.
  4541  // the "output" return value is not valid until after Send returns without error.
  4542  //
  4543  // See DescribeHandshake for more information on using the DescribeHandshake
  4544  // API call, and error handling.
  4545  //
  4546  // This method is useful when you want to inject custom logic or configuration
  4547  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  4548  //
  4549  //
  4550  //    // Example sending a request using the DescribeHandshakeRequest method.
  4551  //    req, resp := client.DescribeHandshakeRequest(params)
  4552  //
  4553  //    err := req.Send()
  4554  //    if err == nil { // resp is now filled
  4555  //        fmt.Println(resp)
  4556  //    }
  4557  //
  4558  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
  4559  func (c *Organizations) DescribeHandshakeRequest(input *DescribeHandshakeInput) (req *request.Request, output *DescribeHandshakeOutput) {
  4560  	op := &request.Operation{
  4561  		Name:       opDescribeHandshake,
  4562  		HTTPMethod: "POST",
  4563  		HTTPPath:   "/",
  4564  	}
  4565  
  4566  	if input == nil {
  4567  		input = &DescribeHandshakeInput{}
  4568  	}
  4569  
  4570  	output = &DescribeHandshakeOutput{}
  4571  	req = c.newRequest(op, input, output)
  4572  	return
  4573  }
  4574  
  4575  // DescribeHandshake API operation for AWS Organizations.
  4576  //
  4577  // Retrieves information about a previously requested handshake. The handshake
  4578  // ID comes from the response to the original InviteAccountToOrganization operation
  4579  // that generated the handshake.
  4580  //
  4581  // You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only
  4582  // 30 days after they change to that state. They're then deleted and no longer
  4583  // accessible.
  4584  //
  4585  // This operation can be called from any account in the organization.
  4586  //
  4587  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  4588  // with awserr.Error's Code and Message methods to get detailed information about
  4589  // the error.
  4590  //
  4591  // See the AWS API reference guide for AWS Organizations's
  4592  // API operation DescribeHandshake for usage and error information.
  4593  //
  4594  // Returned Error Types:
  4595  //   * AccessDeniedException
  4596  //   You don't have permissions to perform the requested operation. The user or
  4597  //   role that is making the request must have at least one IAM permissions policy
  4598  //   attached that grants the required permissions. For more information, see
  4599  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  4600  //   in the IAM User Guide.
  4601  //
  4602  //   * ConcurrentModificationException
  4603  //   The target of the operation is currently being modified by a different request.
  4604  //   Try again later.
  4605  //
  4606  //   * HandshakeNotFoundException
  4607  //   We can't find a handshake with the HandshakeId that you specified.
  4608  //
  4609  //   * InvalidInputException
  4610  //   The requested operation failed because you provided invalid values for one
  4611  //   or more of the request parameters. This exception includes a reason that
  4612  //   contains additional information about the violated limit:
  4613  //
  4614  //   Some of the reasons in the following list might not be applicable to this
  4615  //   specific API or operation.
  4616  //
  4617  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  4618  //      the same entity.
  4619  //
  4620  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  4621  //      can't be modified.
  4622  //
  4623  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  4624  //
  4625  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  4626  //      for the invited account owner.
  4627  //
  4628  //      * INVALID_ENUM: You specified an invalid value.
  4629  //
  4630  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  4631  //
  4632  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  4633  //      characters.
  4634  //
  4635  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  4636  //      at least one invalid value.
  4637  //
  4638  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  4639  //      from the response to a previous call of the operation.
  4640  //
  4641  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  4642  //      organization, or email) as a party.
  4643  //
  4644  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  4645  //      pattern.
  4646  //
  4647  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  4648  //      match the required pattern.
  4649  //
  4650  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  4651  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  4652  //
  4653  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  4654  //      Name (ARN) for the organization.
  4655  //
  4656  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  4657  //
  4658  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  4659  //      tag. You can’t add, edit, or delete system tag keys because they're
  4660  //      reserved for AWS use. System tags don’t count against your tags per
  4661  //      resource limit.
  4662  //
  4663  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  4664  //      for the operation.
  4665  //
  4666  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  4667  //      than allowed.
  4668  //
  4669  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  4670  //      value than allowed.
  4671  //
  4672  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  4673  //      than allowed.
  4674  //
  4675  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  4676  //      value than allowed.
  4677  //
  4678  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  4679  //      between entities in the same root.
  4680  //
  4681  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  4682  //      target entity.
  4683  //
  4684  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  4685  //      isn't recognized.
  4686  //
  4687  //   * ServiceException
  4688  //   AWS Organizations can't complete your request because of an internal service
  4689  //   error. Try again later.
  4690  //
  4691  //   * TooManyRequestsException
  4692  //   You have sent too many requests in too short a period of time. The quota
  4693  //   helps protect against denial-of-service attacks. Try again later.
  4694  //
  4695  //   For information about quotas that affect AWS Organizations, see Quotas for
  4696  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  4697  //   the AWS Organizations User Guide.
  4698  //
  4699  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeHandshake
  4700  func (c *Organizations) DescribeHandshake(input *DescribeHandshakeInput) (*DescribeHandshakeOutput, error) {
  4701  	req, out := c.DescribeHandshakeRequest(input)
  4702  	return out, req.Send()
  4703  }
  4704  
  4705  // DescribeHandshakeWithContext is the same as DescribeHandshake with the addition of
  4706  // the ability to pass a context and additional request options.
  4707  //
  4708  // See DescribeHandshake for details on how to use this API operation.
  4709  //
  4710  // The context must be non-nil and will be used for request cancellation. If
  4711  // the context is nil a panic will occur. In the future the SDK may create
  4712  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  4713  // for more information on using Contexts.
  4714  func (c *Organizations) DescribeHandshakeWithContext(ctx aws.Context, input *DescribeHandshakeInput, opts ...request.Option) (*DescribeHandshakeOutput, error) {
  4715  	req, out := c.DescribeHandshakeRequest(input)
  4716  	req.SetContext(ctx)
  4717  	req.ApplyOptions(opts...)
  4718  	return out, req.Send()
  4719  }
  4720  
  4721  const opDescribeOrganization = "DescribeOrganization"
  4722  
  4723  // DescribeOrganizationRequest generates a "aws/request.Request" representing the
  4724  // client's request for the DescribeOrganization operation. The "output" return
  4725  // value will be populated with the request's response once the request completes
  4726  // successfully.
  4727  //
  4728  // Use "Send" method on the returned Request to send the API call to the service.
  4729  // the "output" return value is not valid until after Send returns without error.
  4730  //
  4731  // See DescribeOrganization for more information on using the DescribeOrganization
  4732  // API call, and error handling.
  4733  //
  4734  // This method is useful when you want to inject custom logic or configuration
  4735  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  4736  //
  4737  //
  4738  //    // Example sending a request using the DescribeOrganizationRequest method.
  4739  //    req, resp := client.DescribeOrganizationRequest(params)
  4740  //
  4741  //    err := req.Send()
  4742  //    if err == nil { // resp is now filled
  4743  //        fmt.Println(resp)
  4744  //    }
  4745  //
  4746  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
  4747  func (c *Organizations) DescribeOrganizationRequest(input *DescribeOrganizationInput) (req *request.Request, output *DescribeOrganizationOutput) {
  4748  	op := &request.Operation{
  4749  		Name:       opDescribeOrganization,
  4750  		HTTPMethod: "POST",
  4751  		HTTPPath:   "/",
  4752  	}
  4753  
  4754  	if input == nil {
  4755  		input = &DescribeOrganizationInput{}
  4756  	}
  4757  
  4758  	output = &DescribeOrganizationOutput{}
  4759  	req = c.newRequest(op, input, output)
  4760  	return
  4761  }
  4762  
  4763  // DescribeOrganization API operation for AWS Organizations.
  4764  //
  4765  // Retrieves information about the organization that the user's account belongs
  4766  // to.
  4767  //
  4768  // This operation can be called from any account in the organization.
  4769  //
  4770  // Even if a policy type is shown as available in the organization, you can
  4771  // disable it separately at the root level with DisablePolicyType. Use ListRoots
  4772  // to see the status of policy types for a specified root.
  4773  //
  4774  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  4775  // with awserr.Error's Code and Message methods to get detailed information about
  4776  // the error.
  4777  //
  4778  // See the AWS API reference guide for AWS Organizations's
  4779  // API operation DescribeOrganization for usage and error information.
  4780  //
  4781  // Returned Error Types:
  4782  //   * AccessDeniedException
  4783  //   You don't have permissions to perform the requested operation. The user or
  4784  //   role that is making the request must have at least one IAM permissions policy
  4785  //   attached that grants the required permissions. For more information, see
  4786  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  4787  //   in the IAM User Guide.
  4788  //
  4789  //   * AWSOrganizationsNotInUseException
  4790  //   Your account isn't a member of an organization. To make this request, you
  4791  //   must use the credentials of an account that belongs to an organization.
  4792  //
  4793  //   * ConcurrentModificationException
  4794  //   The target of the operation is currently being modified by a different request.
  4795  //   Try again later.
  4796  //
  4797  //   * ServiceException
  4798  //   AWS Organizations can't complete your request because of an internal service
  4799  //   error. Try again later.
  4800  //
  4801  //   * TooManyRequestsException
  4802  //   You have sent too many requests in too short a period of time. The quota
  4803  //   helps protect against denial-of-service attacks. Try again later.
  4804  //
  4805  //   For information about quotas that affect AWS Organizations, see Quotas for
  4806  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  4807  //   the AWS Organizations User Guide.
  4808  //
  4809  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganization
  4810  func (c *Organizations) DescribeOrganization(input *DescribeOrganizationInput) (*DescribeOrganizationOutput, error) {
  4811  	req, out := c.DescribeOrganizationRequest(input)
  4812  	return out, req.Send()
  4813  }
  4814  
  4815  // DescribeOrganizationWithContext is the same as DescribeOrganization with the addition of
  4816  // the ability to pass a context and additional request options.
  4817  //
  4818  // See DescribeOrganization for details on how to use this API operation.
  4819  //
  4820  // The context must be non-nil and will be used for request cancellation. If
  4821  // the context is nil a panic will occur. In the future the SDK may create
  4822  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  4823  // for more information on using Contexts.
  4824  func (c *Organizations) DescribeOrganizationWithContext(ctx aws.Context, input *DescribeOrganizationInput, opts ...request.Option) (*DescribeOrganizationOutput, error) {
  4825  	req, out := c.DescribeOrganizationRequest(input)
  4826  	req.SetContext(ctx)
  4827  	req.ApplyOptions(opts...)
  4828  	return out, req.Send()
  4829  }
  4830  
  4831  const opDescribeOrganizationalUnit = "DescribeOrganizationalUnit"
  4832  
  4833  // DescribeOrganizationalUnitRequest generates a "aws/request.Request" representing the
  4834  // client's request for the DescribeOrganizationalUnit operation. The "output" return
  4835  // value will be populated with the request's response once the request completes
  4836  // successfully.
  4837  //
  4838  // Use "Send" method on the returned Request to send the API call to the service.
  4839  // the "output" return value is not valid until after Send returns without error.
  4840  //
  4841  // See DescribeOrganizationalUnit for more information on using the DescribeOrganizationalUnit
  4842  // API call, and error handling.
  4843  //
  4844  // This method is useful when you want to inject custom logic or configuration
  4845  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  4846  //
  4847  //
  4848  //    // Example sending a request using the DescribeOrganizationalUnitRequest method.
  4849  //    req, resp := client.DescribeOrganizationalUnitRequest(params)
  4850  //
  4851  //    err := req.Send()
  4852  //    if err == nil { // resp is now filled
  4853  //        fmt.Println(resp)
  4854  //    }
  4855  //
  4856  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
  4857  func (c *Organizations) DescribeOrganizationalUnitRequest(input *DescribeOrganizationalUnitInput) (req *request.Request, output *DescribeOrganizationalUnitOutput) {
  4858  	op := &request.Operation{
  4859  		Name:       opDescribeOrganizationalUnit,
  4860  		HTTPMethod: "POST",
  4861  		HTTPPath:   "/",
  4862  	}
  4863  
  4864  	if input == nil {
  4865  		input = &DescribeOrganizationalUnitInput{}
  4866  	}
  4867  
  4868  	output = &DescribeOrganizationalUnitOutput{}
  4869  	req = c.newRequest(op, input, output)
  4870  	return
  4871  }
  4872  
  4873  // DescribeOrganizationalUnit API operation for AWS Organizations.
  4874  //
  4875  // Retrieves information about an organizational unit (OU).
  4876  //
  4877  // This operation can be called only from the organization's management account
  4878  // or by a member account that is a delegated administrator for an AWS service.
  4879  //
  4880  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  4881  // with awserr.Error's Code and Message methods to get detailed information about
  4882  // the error.
  4883  //
  4884  // See the AWS API reference guide for AWS Organizations's
  4885  // API operation DescribeOrganizationalUnit for usage and error information.
  4886  //
  4887  // Returned Error Types:
  4888  //   * AccessDeniedException
  4889  //   You don't have permissions to perform the requested operation. The user or
  4890  //   role that is making the request must have at least one IAM permissions policy
  4891  //   attached that grants the required permissions. For more information, see
  4892  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  4893  //   in the IAM User Guide.
  4894  //
  4895  //   * AWSOrganizationsNotInUseException
  4896  //   Your account isn't a member of an organization. To make this request, you
  4897  //   must use the credentials of an account that belongs to an organization.
  4898  //
  4899  //   * InvalidInputException
  4900  //   The requested operation failed because you provided invalid values for one
  4901  //   or more of the request parameters. This exception includes a reason that
  4902  //   contains additional information about the violated limit:
  4903  //
  4904  //   Some of the reasons in the following list might not be applicable to this
  4905  //   specific API or operation.
  4906  //
  4907  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  4908  //      the same entity.
  4909  //
  4910  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  4911  //      can't be modified.
  4912  //
  4913  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  4914  //
  4915  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  4916  //      for the invited account owner.
  4917  //
  4918  //      * INVALID_ENUM: You specified an invalid value.
  4919  //
  4920  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  4921  //
  4922  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  4923  //      characters.
  4924  //
  4925  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  4926  //      at least one invalid value.
  4927  //
  4928  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  4929  //      from the response to a previous call of the operation.
  4930  //
  4931  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  4932  //      organization, or email) as a party.
  4933  //
  4934  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  4935  //      pattern.
  4936  //
  4937  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  4938  //      match the required pattern.
  4939  //
  4940  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  4941  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  4942  //
  4943  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  4944  //      Name (ARN) for the organization.
  4945  //
  4946  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  4947  //
  4948  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  4949  //      tag. You can’t add, edit, or delete system tag keys because they're
  4950  //      reserved for AWS use. System tags don’t count against your tags per
  4951  //      resource limit.
  4952  //
  4953  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  4954  //      for the operation.
  4955  //
  4956  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  4957  //      than allowed.
  4958  //
  4959  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  4960  //      value than allowed.
  4961  //
  4962  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  4963  //      than allowed.
  4964  //
  4965  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  4966  //      value than allowed.
  4967  //
  4968  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  4969  //      between entities in the same root.
  4970  //
  4971  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  4972  //      target entity.
  4973  //
  4974  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  4975  //      isn't recognized.
  4976  //
  4977  //   * OrganizationalUnitNotFoundException
  4978  //   We can't find an OU with the OrganizationalUnitId that you specified.
  4979  //
  4980  //   * ServiceException
  4981  //   AWS Organizations can't complete your request because of an internal service
  4982  //   error. Try again later.
  4983  //
  4984  //   * TooManyRequestsException
  4985  //   You have sent too many requests in too short a period of time. The quota
  4986  //   helps protect against denial-of-service attacks. Try again later.
  4987  //
  4988  //   For information about quotas that affect AWS Organizations, see Quotas for
  4989  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  4990  //   the AWS Organizations User Guide.
  4991  //
  4992  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribeOrganizationalUnit
  4993  func (c *Organizations) DescribeOrganizationalUnit(input *DescribeOrganizationalUnitInput) (*DescribeOrganizationalUnitOutput, error) {
  4994  	req, out := c.DescribeOrganizationalUnitRequest(input)
  4995  	return out, req.Send()
  4996  }
  4997  
  4998  // DescribeOrganizationalUnitWithContext is the same as DescribeOrganizationalUnit with the addition of
  4999  // the ability to pass a context and additional request options.
  5000  //
  5001  // See DescribeOrganizationalUnit for details on how to use this API operation.
  5002  //
  5003  // The context must be non-nil and will be used for request cancellation. If
  5004  // the context is nil a panic will occur. In the future the SDK may create
  5005  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  5006  // for more information on using Contexts.
  5007  func (c *Organizations) DescribeOrganizationalUnitWithContext(ctx aws.Context, input *DescribeOrganizationalUnitInput, opts ...request.Option) (*DescribeOrganizationalUnitOutput, error) {
  5008  	req, out := c.DescribeOrganizationalUnitRequest(input)
  5009  	req.SetContext(ctx)
  5010  	req.ApplyOptions(opts...)
  5011  	return out, req.Send()
  5012  }
  5013  
  5014  const opDescribePolicy = "DescribePolicy"
  5015  
  5016  // DescribePolicyRequest generates a "aws/request.Request" representing the
  5017  // client's request for the DescribePolicy operation. The "output" return
  5018  // value will be populated with the request's response once the request completes
  5019  // successfully.
  5020  //
  5021  // Use "Send" method on the returned Request to send the API call to the service.
  5022  // the "output" return value is not valid until after Send returns without error.
  5023  //
  5024  // See DescribePolicy for more information on using the DescribePolicy
  5025  // API call, and error handling.
  5026  //
  5027  // This method is useful when you want to inject custom logic or configuration
  5028  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  5029  //
  5030  //
  5031  //    // Example sending a request using the DescribePolicyRequest method.
  5032  //    req, resp := client.DescribePolicyRequest(params)
  5033  //
  5034  //    err := req.Send()
  5035  //    if err == nil { // resp is now filled
  5036  //        fmt.Println(resp)
  5037  //    }
  5038  //
  5039  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
  5040  func (c *Organizations) DescribePolicyRequest(input *DescribePolicyInput) (req *request.Request, output *DescribePolicyOutput) {
  5041  	op := &request.Operation{
  5042  		Name:       opDescribePolicy,
  5043  		HTTPMethod: "POST",
  5044  		HTTPPath:   "/",
  5045  	}
  5046  
  5047  	if input == nil {
  5048  		input = &DescribePolicyInput{}
  5049  	}
  5050  
  5051  	output = &DescribePolicyOutput{}
  5052  	req = c.newRequest(op, input, output)
  5053  	return
  5054  }
  5055  
  5056  // DescribePolicy API operation for AWS Organizations.
  5057  //
  5058  // Retrieves information about a policy.
  5059  //
  5060  // This operation can be called only from the organization's management account
  5061  // or by a member account that is a delegated administrator for an AWS service.
  5062  //
  5063  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  5064  // with awserr.Error's Code and Message methods to get detailed information about
  5065  // the error.
  5066  //
  5067  // See the AWS API reference guide for AWS Organizations's
  5068  // API operation DescribePolicy for usage and error information.
  5069  //
  5070  // Returned Error Types:
  5071  //   * AccessDeniedException
  5072  //   You don't have permissions to perform the requested operation. The user or
  5073  //   role that is making the request must have at least one IAM permissions policy
  5074  //   attached that grants the required permissions. For more information, see
  5075  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  5076  //   in the IAM User Guide.
  5077  //
  5078  //   * AWSOrganizationsNotInUseException
  5079  //   Your account isn't a member of an organization. To make this request, you
  5080  //   must use the credentials of an account that belongs to an organization.
  5081  //
  5082  //   * InvalidInputException
  5083  //   The requested operation failed because you provided invalid values for one
  5084  //   or more of the request parameters. This exception includes a reason that
  5085  //   contains additional information about the violated limit:
  5086  //
  5087  //   Some of the reasons in the following list might not be applicable to this
  5088  //   specific API or operation.
  5089  //
  5090  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  5091  //      the same entity.
  5092  //
  5093  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  5094  //      can't be modified.
  5095  //
  5096  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  5097  //
  5098  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  5099  //      for the invited account owner.
  5100  //
  5101  //      * INVALID_ENUM: You specified an invalid value.
  5102  //
  5103  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  5104  //
  5105  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  5106  //      characters.
  5107  //
  5108  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  5109  //      at least one invalid value.
  5110  //
  5111  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  5112  //      from the response to a previous call of the operation.
  5113  //
  5114  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  5115  //      organization, or email) as a party.
  5116  //
  5117  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  5118  //      pattern.
  5119  //
  5120  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  5121  //      match the required pattern.
  5122  //
  5123  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  5124  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  5125  //
  5126  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  5127  //      Name (ARN) for the organization.
  5128  //
  5129  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  5130  //
  5131  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  5132  //      tag. You can’t add, edit, or delete system tag keys because they're
  5133  //      reserved for AWS use. System tags don’t count against your tags per
  5134  //      resource limit.
  5135  //
  5136  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  5137  //      for the operation.
  5138  //
  5139  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  5140  //      than allowed.
  5141  //
  5142  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  5143  //      value than allowed.
  5144  //
  5145  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  5146  //      than allowed.
  5147  //
  5148  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  5149  //      value than allowed.
  5150  //
  5151  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  5152  //      between entities in the same root.
  5153  //
  5154  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  5155  //      target entity.
  5156  //
  5157  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  5158  //      isn't recognized.
  5159  //
  5160  //   * PolicyNotFoundException
  5161  //   We can't find a policy with the PolicyId that you specified.
  5162  //
  5163  //   * ServiceException
  5164  //   AWS Organizations can't complete your request because of an internal service
  5165  //   error. Try again later.
  5166  //
  5167  //   * TooManyRequestsException
  5168  //   You have sent too many requests in too short a period of time. The quota
  5169  //   helps protect against denial-of-service attacks. Try again later.
  5170  //
  5171  //   For information about quotas that affect AWS Organizations, see Quotas for
  5172  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  5173  //   the AWS Organizations User Guide.
  5174  //
  5175  //   * UnsupportedAPIEndpointException
  5176  //   This action isn't available in the current AWS Region.
  5177  //
  5178  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DescribePolicy
  5179  func (c *Organizations) DescribePolicy(input *DescribePolicyInput) (*DescribePolicyOutput, error) {
  5180  	req, out := c.DescribePolicyRequest(input)
  5181  	return out, req.Send()
  5182  }
  5183  
  5184  // DescribePolicyWithContext is the same as DescribePolicy with the addition of
  5185  // the ability to pass a context and additional request options.
  5186  //
  5187  // See DescribePolicy for details on how to use this API operation.
  5188  //
  5189  // The context must be non-nil and will be used for request cancellation. If
  5190  // the context is nil a panic will occur. In the future the SDK may create
  5191  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  5192  // for more information on using Contexts.
  5193  func (c *Organizations) DescribePolicyWithContext(ctx aws.Context, input *DescribePolicyInput, opts ...request.Option) (*DescribePolicyOutput, error) {
  5194  	req, out := c.DescribePolicyRequest(input)
  5195  	req.SetContext(ctx)
  5196  	req.ApplyOptions(opts...)
  5197  	return out, req.Send()
  5198  }
  5199  
  5200  const opDetachPolicy = "DetachPolicy"
  5201  
  5202  // DetachPolicyRequest generates a "aws/request.Request" representing the
  5203  // client's request for the DetachPolicy operation. The "output" return
  5204  // value will be populated with the request's response once the request completes
  5205  // successfully.
  5206  //
  5207  // Use "Send" method on the returned Request to send the API call to the service.
  5208  // the "output" return value is not valid until after Send returns without error.
  5209  //
  5210  // See DetachPolicy for more information on using the DetachPolicy
  5211  // API call, and error handling.
  5212  //
  5213  // This method is useful when you want to inject custom logic or configuration
  5214  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  5215  //
  5216  //
  5217  //    // Example sending a request using the DetachPolicyRequest method.
  5218  //    req, resp := client.DetachPolicyRequest(params)
  5219  //
  5220  //    err := req.Send()
  5221  //    if err == nil { // resp is now filled
  5222  //        fmt.Println(resp)
  5223  //    }
  5224  //
  5225  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
  5226  func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *request.Request, output *DetachPolicyOutput) {
  5227  	op := &request.Operation{
  5228  		Name:       opDetachPolicy,
  5229  		HTTPMethod: "POST",
  5230  		HTTPPath:   "/",
  5231  	}
  5232  
  5233  	if input == nil {
  5234  		input = &DetachPolicyInput{}
  5235  	}
  5236  
  5237  	output = &DetachPolicyOutput{}
  5238  	req = c.newRequest(op, input, output)
  5239  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  5240  	return
  5241  }
  5242  
  5243  // DetachPolicy API operation for AWS Organizations.
  5244  //
  5245  // Detaches a policy from a target root, organizational unit (OU), or account.
  5246  //
  5247  // If the policy being detached is a service control policy (SCP), the changes
  5248  // to permissions for AWS Identity and Access Management (IAM) users and roles
  5249  // in affected accounts are immediate.
  5250  //
  5251  // Every root, OU, and account must have at least one SCP attached. If you want
  5252  // to replace the default FullAWSAccess policy with an SCP that limits the permissions
  5253  // that can be delegated, you must attach the replacement SCP before you can
  5254  // remove the default SCP. This is the authorization strategy of an "allow list
  5255  // (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_allowlist)".
  5256  // If you instead attach a second SCP and leave the FullAWSAccess SCP still
  5257  // attached, and specify "Effect": "Deny" in the second SCP to override the
  5258  // "Effect": "Allow" in the FullAWSAccess policy (or any other attached SCP),
  5259  // you're using the authorization strategy of a "deny list (https://docs.aws.amazon.com/organizations/latest/userguide/SCP_strategies.html#orgs_policies_denylist)".
  5260  //
  5261  // This operation can be called only from the organization's management account.
  5262  //
  5263  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  5264  // with awserr.Error's Code and Message methods to get detailed information about
  5265  // the error.
  5266  //
  5267  // See the AWS API reference guide for AWS Organizations's
  5268  // API operation DetachPolicy for usage and error information.
  5269  //
  5270  // Returned Error Types:
  5271  //   * AccessDeniedException
  5272  //   You don't have permissions to perform the requested operation. The user or
  5273  //   role that is making the request must have at least one IAM permissions policy
  5274  //   attached that grants the required permissions. For more information, see
  5275  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  5276  //   in the IAM User Guide.
  5277  //
  5278  //   * AWSOrganizationsNotInUseException
  5279  //   Your account isn't a member of an organization. To make this request, you
  5280  //   must use the credentials of an account that belongs to an organization.
  5281  //
  5282  //   * ConcurrentModificationException
  5283  //   The target of the operation is currently being modified by a different request.
  5284  //   Try again later.
  5285  //
  5286  //   * ConstraintViolationException
  5287  //   Performing this operation violates a minimum or maximum value limit. For
  5288  //   example, attempting to remove the last service control policy (SCP) from
  5289  //   an OU or root, inviting or creating too many accounts to the organization,
  5290  //   or attaching too many policies to an account, OU, or root. This exception
  5291  //   includes a reason that contains additional information about the violated
  5292  //   limit:
  5293  //
  5294  //   Some of the reasons in the following list might not be applicable to this
  5295  //   specific API or operation.
  5296  //
  5297  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  5298  //      account from the organization. You can't remove the management account.
  5299  //      Instead, after you remove all member accounts, delete the organization
  5300  //      itself.
  5301  //
  5302  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  5303  //      from the organization that doesn't yet have enough information to exist
  5304  //      as a standalone account. This account requires you to first agree to the
  5305  //      AWS Customer Agreement. Follow the steps at Removing a member account
  5306  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  5307  //      the AWS Organizations User Guide.
  5308  //
  5309  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  5310  //      an account from the organization that doesn't yet have enough information
  5311  //      to exist as a standalone account. This account requires you to first complete
  5312  //      phone verification. Follow the steps at Removing a member account from
  5313  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  5314  //      in the AWS Organizations User Guide.
  5315  //
  5316  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  5317  //      of accounts that you can create in one day.
  5318  //
  5319  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  5320  //      the number of accounts in an organization. If you need more accounts,
  5321  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  5322  //      request an increase in your limit. Or the number of invitations that you
  5323  //      tried to send would cause you to exceed the limit of accounts in your
  5324  //      organization. Send fewer invitations or contact AWS Support to request
  5325  //      an increase in the number of accounts. Deleted and closed accounts still
  5326  //      count toward your limit. If you get this exception when running a command
  5327  //      immediately after creating the organization, wait one hour and try again.
  5328  //      After an hour, if the command continues to fail with this error, contact
  5329  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  5330  //
  5331  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  5332  //      register the management account of the organization as a delegated administrator
  5333  //      for an AWS service integrated with Organizations. You can designate only
  5334  //      a member account as a delegated administrator.
  5335  //
  5336  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  5337  //      an account that is registered as a delegated administrator for a service
  5338  //      integrated with your organization. To complete this operation, you must
  5339  //      first deregister this account as a delegated administrator.
  5340  //
  5341  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  5342  //      organization in the specified region, you must enable all features mode.
  5343  //
  5344  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  5345  //      an AWS account as a delegated administrator for an AWS service that already
  5346  //      has a delegated administrator. To complete this operation, you must first
  5347  //      deregister any existing delegated administrators for this service.
  5348  //
  5349  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  5350  //      valid for a limited period of time. You must resubmit the request and
  5351  //      generate a new verfication code.
  5352  //
  5353  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  5354  //      handshakes that you can send in one day.
  5355  //
  5356  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  5357  //      in this organization, you first must migrate the organization's management
  5358  //      account to the marketplace that corresponds to the management account's
  5359  //      address. For example, accounts with India addresses must be associated
  5360  //      with the AISPL marketplace. All accounts in an organization must be associated
  5361  //      with the same marketplace.
  5362  //
  5363  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  5364  //      in China. To create an organization, the master must have a valid business
  5365  //      license. For more information, contact customer support.
  5366  //
  5367  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  5368  //      must first provide a valid contact address and phone number for the management
  5369  //      account. Then try the operation again.
  5370  //
  5371  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  5372  //      management account must have an associated account in the AWS GovCloud
  5373  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  5374  //      in the AWS GovCloud User Guide.
  5375  //
  5376  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  5377  //      with this management account, you first must associate a valid payment
  5378  //      instrument, such as a credit card, with the account. Follow the steps
  5379  //      at To leave an organization when all required account information has
  5380  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  5381  //      in the AWS Organizations User Guide.
  5382  //
  5383  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  5384  //      to register more delegated administrators than allowed for the service
  5385  //      principal.
  5386  //
  5387  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  5388  //      number of policies of a certain type that can be attached to an entity
  5389  //      at one time.
  5390  //
  5391  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  5392  //      on this resource.
  5393  //
  5394  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  5395  //      with this member account, you first must associate a valid payment instrument,
  5396  //      such as a credit card, with the account. Follow the steps at To leave
  5397  //      an organization when all required account information has not yet been
  5398  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  5399  //      in the AWS Organizations User Guide.
  5400  //
  5401  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  5402  //      policy from an entity that would cause the entity to have fewer than the
  5403  //      minimum number of policies of a certain type required.
  5404  //
  5405  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  5406  //      that requires the organization to be configured to support all features.
  5407  //      An organization that supports only consolidated billing features can't
  5408  //      perform this operation.
  5409  //
  5410  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  5411  //      too many levels deep.
  5412  //
  5413  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  5414  //      that you can have in an organization.
  5415  //
  5416  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  5417  //      is larger than the maximum size.
  5418  //
  5419  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  5420  //      policies that you can have in an organization.
  5421  //
  5422  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  5423  //      tags that are not compliant with the tag policy requirements for this
  5424  //      account.
  5425  //
  5426  //   * InvalidInputException
  5427  //   The requested operation failed because you provided invalid values for one
  5428  //   or more of the request parameters. This exception includes a reason that
  5429  //   contains additional information about the violated limit:
  5430  //
  5431  //   Some of the reasons in the following list might not be applicable to this
  5432  //   specific API or operation.
  5433  //
  5434  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  5435  //      the same entity.
  5436  //
  5437  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  5438  //      can't be modified.
  5439  //
  5440  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  5441  //
  5442  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  5443  //      for the invited account owner.
  5444  //
  5445  //      * INVALID_ENUM: You specified an invalid value.
  5446  //
  5447  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  5448  //
  5449  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  5450  //      characters.
  5451  //
  5452  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  5453  //      at least one invalid value.
  5454  //
  5455  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  5456  //      from the response to a previous call of the operation.
  5457  //
  5458  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  5459  //      organization, or email) as a party.
  5460  //
  5461  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  5462  //      pattern.
  5463  //
  5464  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  5465  //      match the required pattern.
  5466  //
  5467  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  5468  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  5469  //
  5470  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  5471  //      Name (ARN) for the organization.
  5472  //
  5473  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  5474  //
  5475  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  5476  //      tag. You can’t add, edit, or delete system tag keys because they're
  5477  //      reserved for AWS use. System tags don’t count against your tags per
  5478  //      resource limit.
  5479  //
  5480  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  5481  //      for the operation.
  5482  //
  5483  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  5484  //      than allowed.
  5485  //
  5486  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  5487  //      value than allowed.
  5488  //
  5489  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  5490  //      than allowed.
  5491  //
  5492  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  5493  //      value than allowed.
  5494  //
  5495  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  5496  //      between entities in the same root.
  5497  //
  5498  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  5499  //      target entity.
  5500  //
  5501  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  5502  //      isn't recognized.
  5503  //
  5504  //   * PolicyNotAttachedException
  5505  //   The policy isn't attached to the specified target in the specified root.
  5506  //
  5507  //   * PolicyNotFoundException
  5508  //   We can't find a policy with the PolicyId that you specified.
  5509  //
  5510  //   * ServiceException
  5511  //   AWS Organizations can't complete your request because of an internal service
  5512  //   error. Try again later.
  5513  //
  5514  //   * TargetNotFoundException
  5515  //   We can't find a root, OU, account, or policy with the TargetId that you specified.
  5516  //
  5517  //   * TooManyRequestsException
  5518  //   You have sent too many requests in too short a period of time. The quota
  5519  //   helps protect against denial-of-service attacks. Try again later.
  5520  //
  5521  //   For information about quotas that affect AWS Organizations, see Quotas for
  5522  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  5523  //   the AWS Organizations User Guide.
  5524  //
  5525  //   * UnsupportedAPIEndpointException
  5526  //   This action isn't available in the current AWS Region.
  5527  //
  5528  //   * PolicyChangesInProgressException
  5529  //   Changes to the effective policy are in progress, and its contents can't be
  5530  //   returned. Try the operation again later.
  5531  //
  5532  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DetachPolicy
  5533  func (c *Organizations) DetachPolicy(input *DetachPolicyInput) (*DetachPolicyOutput, error) {
  5534  	req, out := c.DetachPolicyRequest(input)
  5535  	return out, req.Send()
  5536  }
  5537  
  5538  // DetachPolicyWithContext is the same as DetachPolicy with the addition of
  5539  // the ability to pass a context and additional request options.
  5540  //
  5541  // See DetachPolicy for details on how to use this API operation.
  5542  //
  5543  // The context must be non-nil and will be used for request cancellation. If
  5544  // the context is nil a panic will occur. In the future the SDK may create
  5545  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  5546  // for more information on using Contexts.
  5547  func (c *Organizations) DetachPolicyWithContext(ctx aws.Context, input *DetachPolicyInput, opts ...request.Option) (*DetachPolicyOutput, error) {
  5548  	req, out := c.DetachPolicyRequest(input)
  5549  	req.SetContext(ctx)
  5550  	req.ApplyOptions(opts...)
  5551  	return out, req.Send()
  5552  }
  5553  
  5554  const opDisableAWSServiceAccess = "DisableAWSServiceAccess"
  5555  
  5556  // DisableAWSServiceAccessRequest generates a "aws/request.Request" representing the
  5557  // client's request for the DisableAWSServiceAccess operation. The "output" return
  5558  // value will be populated with the request's response once the request completes
  5559  // successfully.
  5560  //
  5561  // Use "Send" method on the returned Request to send the API call to the service.
  5562  // the "output" return value is not valid until after Send returns without error.
  5563  //
  5564  // See DisableAWSServiceAccess for more information on using the DisableAWSServiceAccess
  5565  // API call, and error handling.
  5566  //
  5567  // This method is useful when you want to inject custom logic or configuration
  5568  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  5569  //
  5570  //
  5571  //    // Example sending a request using the DisableAWSServiceAccessRequest method.
  5572  //    req, resp := client.DisableAWSServiceAccessRequest(params)
  5573  //
  5574  //    err := req.Send()
  5575  //    if err == nil { // resp is now filled
  5576  //        fmt.Println(resp)
  5577  //    }
  5578  //
  5579  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
  5580  func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceAccessInput) (req *request.Request, output *DisableAWSServiceAccessOutput) {
  5581  	op := &request.Operation{
  5582  		Name:       opDisableAWSServiceAccess,
  5583  		HTTPMethod: "POST",
  5584  		HTTPPath:   "/",
  5585  	}
  5586  
  5587  	if input == nil {
  5588  		input = &DisableAWSServiceAccessInput{}
  5589  	}
  5590  
  5591  	output = &DisableAWSServiceAccessOutput{}
  5592  	req = c.newRequest(op, input, output)
  5593  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  5594  	return
  5595  }
  5596  
  5597  // DisableAWSServiceAccess API operation for AWS Organizations.
  5598  //
  5599  // Disables the integration of an AWS service (the service that is specified
  5600  // by ServicePrincipal) with AWS Organizations. When you disable integration,
  5601  // the specified service no longer can create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
  5602  // in new accounts in your organization. This means the service can't perform
  5603  // operations on your behalf on any new accounts in your organization. The service
  5604  // can still perform operations in older accounts until the service completes
  5605  // its clean-up from AWS Organizations.
  5606  //
  5607  // We strongly recommend that you don't use this command to disable integration
  5608  // between AWS Organizations and the specified AWS service. Instead, use the
  5609  // console or commands that are provided by the specified service. This lets
  5610  // the trusted service perform any required initialization when enabling trusted
  5611  // access, such as creating any required resources and any required clean up
  5612  // of resources when disabling trusted access.
  5613  //
  5614  // For information about how to disable trusted service access to your organization
  5615  // using the trusted service, see the Learn more link under the Supports Trusted
  5616  // Access column at AWS services that you can use with AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html).
  5617  // on this page.
  5618  //
  5619  // If you disable access by using this command, it causes the following actions
  5620  // to occur:
  5621  //
  5622  //    * The service can no longer create a service-linked role in the accounts
  5623  //    in your organization. This means that the service can't perform operations
  5624  //    on your behalf on any new accounts in your organization. The service can
  5625  //    still perform operations in older accounts until the service completes
  5626  //    its clean-up from AWS Organizations.
  5627  //
  5628  //    * The service can no longer perform tasks in the member accounts in the
  5629  //    organization, unless those operations are explicitly permitted by the
  5630  //    IAM policies that are attached to your roles. This includes any data aggregation
  5631  //    from the member accounts to the management account, or to a delegated
  5632  //    administrator account, where relevant.
  5633  //
  5634  //    * Some services detect this and clean up any remaining data or resources
  5635  //    related to the integration, while other services stop accessing the organization
  5636  //    but leave any historical data and configuration in place to support a
  5637  //    possible re-enabling of the integration.
  5638  //
  5639  // Using the other service's console or commands to disable the integration
  5640  // ensures that the other service is aware that it can clean up any resources
  5641  // that are required only for the integration. How the service cleans up its
  5642  // resources in the organization's accounts depends on that service. For more
  5643  // information, see the documentation for the other AWS service.
  5644  //
  5645  // After you perform the DisableAWSServiceAccess operation, the specified service
  5646  // can no longer perform operations in your organization's accounts
  5647  //
  5648  // For more information about integrating other services with AWS Organizations,
  5649  // including the list of services that work with Organizations, see Integrating
  5650  // AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
  5651  // in the AWS Organizations User Guide.
  5652  //
  5653  // This operation can be called only from the organization's management account.
  5654  //
  5655  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  5656  // with awserr.Error's Code and Message methods to get detailed information about
  5657  // the error.
  5658  //
  5659  // See the AWS API reference guide for AWS Organizations's
  5660  // API operation DisableAWSServiceAccess for usage and error information.
  5661  //
  5662  // Returned Error Types:
  5663  //   * AccessDeniedException
  5664  //   You don't have permissions to perform the requested operation. The user or
  5665  //   role that is making the request must have at least one IAM permissions policy
  5666  //   attached that grants the required permissions. For more information, see
  5667  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  5668  //   in the IAM User Guide.
  5669  //
  5670  //   * AWSOrganizationsNotInUseException
  5671  //   Your account isn't a member of an organization. To make this request, you
  5672  //   must use the credentials of an account that belongs to an organization.
  5673  //
  5674  //   * ConcurrentModificationException
  5675  //   The target of the operation is currently being modified by a different request.
  5676  //   Try again later.
  5677  //
  5678  //   * ConstraintViolationException
  5679  //   Performing this operation violates a minimum or maximum value limit. For
  5680  //   example, attempting to remove the last service control policy (SCP) from
  5681  //   an OU or root, inviting or creating too many accounts to the organization,
  5682  //   or attaching too many policies to an account, OU, or root. This exception
  5683  //   includes a reason that contains additional information about the violated
  5684  //   limit:
  5685  //
  5686  //   Some of the reasons in the following list might not be applicable to this
  5687  //   specific API or operation.
  5688  //
  5689  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  5690  //      account from the organization. You can't remove the management account.
  5691  //      Instead, after you remove all member accounts, delete the organization
  5692  //      itself.
  5693  //
  5694  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  5695  //      from the organization that doesn't yet have enough information to exist
  5696  //      as a standalone account. This account requires you to first agree to the
  5697  //      AWS Customer Agreement. Follow the steps at Removing a member account
  5698  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  5699  //      the AWS Organizations User Guide.
  5700  //
  5701  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  5702  //      an account from the organization that doesn't yet have enough information
  5703  //      to exist as a standalone account. This account requires you to first complete
  5704  //      phone verification. Follow the steps at Removing a member account from
  5705  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  5706  //      in the AWS Organizations User Guide.
  5707  //
  5708  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  5709  //      of accounts that you can create in one day.
  5710  //
  5711  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  5712  //      the number of accounts in an organization. If you need more accounts,
  5713  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  5714  //      request an increase in your limit. Or the number of invitations that you
  5715  //      tried to send would cause you to exceed the limit of accounts in your
  5716  //      organization. Send fewer invitations or contact AWS Support to request
  5717  //      an increase in the number of accounts. Deleted and closed accounts still
  5718  //      count toward your limit. If you get this exception when running a command
  5719  //      immediately after creating the organization, wait one hour and try again.
  5720  //      After an hour, if the command continues to fail with this error, contact
  5721  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  5722  //
  5723  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  5724  //      register the management account of the organization as a delegated administrator
  5725  //      for an AWS service integrated with Organizations. You can designate only
  5726  //      a member account as a delegated administrator.
  5727  //
  5728  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  5729  //      an account that is registered as a delegated administrator for a service
  5730  //      integrated with your organization. To complete this operation, you must
  5731  //      first deregister this account as a delegated administrator.
  5732  //
  5733  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  5734  //      organization in the specified region, you must enable all features mode.
  5735  //
  5736  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  5737  //      an AWS account as a delegated administrator for an AWS service that already
  5738  //      has a delegated administrator. To complete this operation, you must first
  5739  //      deregister any existing delegated administrators for this service.
  5740  //
  5741  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  5742  //      valid for a limited period of time. You must resubmit the request and
  5743  //      generate a new verfication code.
  5744  //
  5745  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  5746  //      handshakes that you can send in one day.
  5747  //
  5748  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  5749  //      in this organization, you first must migrate the organization's management
  5750  //      account to the marketplace that corresponds to the management account's
  5751  //      address. For example, accounts with India addresses must be associated
  5752  //      with the AISPL marketplace. All accounts in an organization must be associated
  5753  //      with the same marketplace.
  5754  //
  5755  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  5756  //      in China. To create an organization, the master must have a valid business
  5757  //      license. For more information, contact customer support.
  5758  //
  5759  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  5760  //      must first provide a valid contact address and phone number for the management
  5761  //      account. Then try the operation again.
  5762  //
  5763  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  5764  //      management account must have an associated account in the AWS GovCloud
  5765  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  5766  //      in the AWS GovCloud User Guide.
  5767  //
  5768  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  5769  //      with this management account, you first must associate a valid payment
  5770  //      instrument, such as a credit card, with the account. Follow the steps
  5771  //      at To leave an organization when all required account information has
  5772  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  5773  //      in the AWS Organizations User Guide.
  5774  //
  5775  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  5776  //      to register more delegated administrators than allowed for the service
  5777  //      principal.
  5778  //
  5779  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  5780  //      number of policies of a certain type that can be attached to an entity
  5781  //      at one time.
  5782  //
  5783  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  5784  //      on this resource.
  5785  //
  5786  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  5787  //      with this member account, you first must associate a valid payment instrument,
  5788  //      such as a credit card, with the account. Follow the steps at To leave
  5789  //      an organization when all required account information has not yet been
  5790  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  5791  //      in the AWS Organizations User Guide.
  5792  //
  5793  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  5794  //      policy from an entity that would cause the entity to have fewer than the
  5795  //      minimum number of policies of a certain type required.
  5796  //
  5797  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  5798  //      that requires the organization to be configured to support all features.
  5799  //      An organization that supports only consolidated billing features can't
  5800  //      perform this operation.
  5801  //
  5802  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  5803  //      too many levels deep.
  5804  //
  5805  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  5806  //      that you can have in an organization.
  5807  //
  5808  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  5809  //      is larger than the maximum size.
  5810  //
  5811  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  5812  //      policies that you can have in an organization.
  5813  //
  5814  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  5815  //      tags that are not compliant with the tag policy requirements for this
  5816  //      account.
  5817  //
  5818  //   * InvalidInputException
  5819  //   The requested operation failed because you provided invalid values for one
  5820  //   or more of the request parameters. This exception includes a reason that
  5821  //   contains additional information about the violated limit:
  5822  //
  5823  //   Some of the reasons in the following list might not be applicable to this
  5824  //   specific API or operation.
  5825  //
  5826  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  5827  //      the same entity.
  5828  //
  5829  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  5830  //      can't be modified.
  5831  //
  5832  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  5833  //
  5834  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  5835  //      for the invited account owner.
  5836  //
  5837  //      * INVALID_ENUM: You specified an invalid value.
  5838  //
  5839  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  5840  //
  5841  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  5842  //      characters.
  5843  //
  5844  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  5845  //      at least one invalid value.
  5846  //
  5847  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  5848  //      from the response to a previous call of the operation.
  5849  //
  5850  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  5851  //      organization, or email) as a party.
  5852  //
  5853  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  5854  //      pattern.
  5855  //
  5856  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  5857  //      match the required pattern.
  5858  //
  5859  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  5860  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  5861  //
  5862  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  5863  //      Name (ARN) for the organization.
  5864  //
  5865  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  5866  //
  5867  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  5868  //      tag. You can’t add, edit, or delete system tag keys because they're
  5869  //      reserved for AWS use. System tags don’t count against your tags per
  5870  //      resource limit.
  5871  //
  5872  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  5873  //      for the operation.
  5874  //
  5875  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  5876  //      than allowed.
  5877  //
  5878  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  5879  //      value than allowed.
  5880  //
  5881  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  5882  //      than allowed.
  5883  //
  5884  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  5885  //      value than allowed.
  5886  //
  5887  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  5888  //      between entities in the same root.
  5889  //
  5890  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  5891  //      target entity.
  5892  //
  5893  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  5894  //      isn't recognized.
  5895  //
  5896  //   * ServiceException
  5897  //   AWS Organizations can't complete your request because of an internal service
  5898  //   error. Try again later.
  5899  //
  5900  //   * TooManyRequestsException
  5901  //   You have sent too many requests in too short a period of time. The quota
  5902  //   helps protect against denial-of-service attacks. Try again later.
  5903  //
  5904  //   For information about quotas that affect AWS Organizations, see Quotas for
  5905  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  5906  //   the AWS Organizations User Guide.
  5907  //
  5908  //   * UnsupportedAPIEndpointException
  5909  //   This action isn't available in the current AWS Region.
  5910  //
  5911  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisableAWSServiceAccess
  5912  func (c *Organizations) DisableAWSServiceAccess(input *DisableAWSServiceAccessInput) (*DisableAWSServiceAccessOutput, error) {
  5913  	req, out := c.DisableAWSServiceAccessRequest(input)
  5914  	return out, req.Send()
  5915  }
  5916  
  5917  // DisableAWSServiceAccessWithContext is the same as DisableAWSServiceAccess with the addition of
  5918  // the ability to pass a context and additional request options.
  5919  //
  5920  // See DisableAWSServiceAccess for details on how to use this API operation.
  5921  //
  5922  // The context must be non-nil and will be used for request cancellation. If
  5923  // the context is nil a panic will occur. In the future the SDK may create
  5924  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  5925  // for more information on using Contexts.
  5926  func (c *Organizations) DisableAWSServiceAccessWithContext(ctx aws.Context, input *DisableAWSServiceAccessInput, opts ...request.Option) (*DisableAWSServiceAccessOutput, error) {
  5927  	req, out := c.DisableAWSServiceAccessRequest(input)
  5928  	req.SetContext(ctx)
  5929  	req.ApplyOptions(opts...)
  5930  	return out, req.Send()
  5931  }
  5932  
  5933  const opDisablePolicyType = "DisablePolicyType"
  5934  
  5935  // DisablePolicyTypeRequest generates a "aws/request.Request" representing the
  5936  // client's request for the DisablePolicyType operation. The "output" return
  5937  // value will be populated with the request's response once the request completes
  5938  // successfully.
  5939  //
  5940  // Use "Send" method on the returned Request to send the API call to the service.
  5941  // the "output" return value is not valid until after Send returns without error.
  5942  //
  5943  // See DisablePolicyType for more information on using the DisablePolicyType
  5944  // API call, and error handling.
  5945  //
  5946  // This method is useful when you want to inject custom logic or configuration
  5947  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  5948  //
  5949  //
  5950  //    // Example sending a request using the DisablePolicyTypeRequest method.
  5951  //    req, resp := client.DisablePolicyTypeRequest(params)
  5952  //
  5953  //    err := req.Send()
  5954  //    if err == nil { // resp is now filled
  5955  //        fmt.Println(resp)
  5956  //    }
  5957  //
  5958  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
  5959  func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) (req *request.Request, output *DisablePolicyTypeOutput) {
  5960  	op := &request.Operation{
  5961  		Name:       opDisablePolicyType,
  5962  		HTTPMethod: "POST",
  5963  		HTTPPath:   "/",
  5964  	}
  5965  
  5966  	if input == nil {
  5967  		input = &DisablePolicyTypeInput{}
  5968  	}
  5969  
  5970  	output = &DisablePolicyTypeOutput{}
  5971  	req = c.newRequest(op, input, output)
  5972  	return
  5973  }
  5974  
  5975  // DisablePolicyType API operation for AWS Organizations.
  5976  //
  5977  // Disables an organizational policy type in a root. A policy of a certain type
  5978  // can be attached to entities in a root only if that type is enabled in the
  5979  // root. After you perform this operation, you no longer can attach policies
  5980  // of the specified type to that root or to any organizational unit (OU) or
  5981  // account in that root. You can undo this by using the EnablePolicyType operation.
  5982  //
  5983  // This is an asynchronous request that AWS performs in the background. If you
  5984  // disable a policy type for a root, it still appears enabled for the organization
  5985  // if all features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
  5986  // are enabled for the organization. AWS recommends that you first use ListRoots
  5987  // to see the status of policy types for a specified root, and then use this
  5988  // operation.
  5989  //
  5990  // This operation can be called only from the organization's management account.
  5991  //
  5992  // To view the status of available policy types in the organization, use DescribeOrganization.
  5993  //
  5994  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  5995  // with awserr.Error's Code and Message methods to get detailed information about
  5996  // the error.
  5997  //
  5998  // See the AWS API reference guide for AWS Organizations's
  5999  // API operation DisablePolicyType for usage and error information.
  6000  //
  6001  // Returned Error Types:
  6002  //   * AccessDeniedException
  6003  //   You don't have permissions to perform the requested operation. The user or
  6004  //   role that is making the request must have at least one IAM permissions policy
  6005  //   attached that grants the required permissions. For more information, see
  6006  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  6007  //   in the IAM User Guide.
  6008  //
  6009  //   * AWSOrganizationsNotInUseException
  6010  //   Your account isn't a member of an organization. To make this request, you
  6011  //   must use the credentials of an account that belongs to an organization.
  6012  //
  6013  //   * ConcurrentModificationException
  6014  //   The target of the operation is currently being modified by a different request.
  6015  //   Try again later.
  6016  //
  6017  //   * ConstraintViolationException
  6018  //   Performing this operation violates a minimum or maximum value limit. For
  6019  //   example, attempting to remove the last service control policy (SCP) from
  6020  //   an OU or root, inviting or creating too many accounts to the organization,
  6021  //   or attaching too many policies to an account, OU, or root. This exception
  6022  //   includes a reason that contains additional information about the violated
  6023  //   limit:
  6024  //
  6025  //   Some of the reasons in the following list might not be applicable to this
  6026  //   specific API or operation.
  6027  //
  6028  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  6029  //      account from the organization. You can't remove the management account.
  6030  //      Instead, after you remove all member accounts, delete the organization
  6031  //      itself.
  6032  //
  6033  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  6034  //      from the organization that doesn't yet have enough information to exist
  6035  //      as a standalone account. This account requires you to first agree to the
  6036  //      AWS Customer Agreement. Follow the steps at Removing a member account
  6037  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  6038  //      the AWS Organizations User Guide.
  6039  //
  6040  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  6041  //      an account from the organization that doesn't yet have enough information
  6042  //      to exist as a standalone account. This account requires you to first complete
  6043  //      phone verification. Follow the steps at Removing a member account from
  6044  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  6045  //      in the AWS Organizations User Guide.
  6046  //
  6047  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  6048  //      of accounts that you can create in one day.
  6049  //
  6050  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  6051  //      the number of accounts in an organization. If you need more accounts,
  6052  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  6053  //      request an increase in your limit. Or the number of invitations that you
  6054  //      tried to send would cause you to exceed the limit of accounts in your
  6055  //      organization. Send fewer invitations or contact AWS Support to request
  6056  //      an increase in the number of accounts. Deleted and closed accounts still
  6057  //      count toward your limit. If you get this exception when running a command
  6058  //      immediately after creating the organization, wait one hour and try again.
  6059  //      After an hour, if the command continues to fail with this error, contact
  6060  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  6061  //
  6062  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  6063  //      register the management account of the organization as a delegated administrator
  6064  //      for an AWS service integrated with Organizations. You can designate only
  6065  //      a member account as a delegated administrator.
  6066  //
  6067  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  6068  //      an account that is registered as a delegated administrator for a service
  6069  //      integrated with your organization. To complete this operation, you must
  6070  //      first deregister this account as a delegated administrator.
  6071  //
  6072  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  6073  //      organization in the specified region, you must enable all features mode.
  6074  //
  6075  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  6076  //      an AWS account as a delegated administrator for an AWS service that already
  6077  //      has a delegated administrator. To complete this operation, you must first
  6078  //      deregister any existing delegated administrators for this service.
  6079  //
  6080  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  6081  //      valid for a limited period of time. You must resubmit the request and
  6082  //      generate a new verfication code.
  6083  //
  6084  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  6085  //      handshakes that you can send in one day.
  6086  //
  6087  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  6088  //      in this organization, you first must migrate the organization's management
  6089  //      account to the marketplace that corresponds to the management account's
  6090  //      address. For example, accounts with India addresses must be associated
  6091  //      with the AISPL marketplace. All accounts in an organization must be associated
  6092  //      with the same marketplace.
  6093  //
  6094  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  6095  //      in China. To create an organization, the master must have a valid business
  6096  //      license. For more information, contact customer support.
  6097  //
  6098  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  6099  //      must first provide a valid contact address and phone number for the management
  6100  //      account. Then try the operation again.
  6101  //
  6102  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  6103  //      management account must have an associated account in the AWS GovCloud
  6104  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  6105  //      in the AWS GovCloud User Guide.
  6106  //
  6107  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  6108  //      with this management account, you first must associate a valid payment
  6109  //      instrument, such as a credit card, with the account. Follow the steps
  6110  //      at To leave an organization when all required account information has
  6111  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  6112  //      in the AWS Organizations User Guide.
  6113  //
  6114  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  6115  //      to register more delegated administrators than allowed for the service
  6116  //      principal.
  6117  //
  6118  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  6119  //      number of policies of a certain type that can be attached to an entity
  6120  //      at one time.
  6121  //
  6122  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  6123  //      on this resource.
  6124  //
  6125  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  6126  //      with this member account, you first must associate a valid payment instrument,
  6127  //      such as a credit card, with the account. Follow the steps at To leave
  6128  //      an organization when all required account information has not yet been
  6129  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  6130  //      in the AWS Organizations User Guide.
  6131  //
  6132  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  6133  //      policy from an entity that would cause the entity to have fewer than the
  6134  //      minimum number of policies of a certain type required.
  6135  //
  6136  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  6137  //      that requires the organization to be configured to support all features.
  6138  //      An organization that supports only consolidated billing features can't
  6139  //      perform this operation.
  6140  //
  6141  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  6142  //      too many levels deep.
  6143  //
  6144  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  6145  //      that you can have in an organization.
  6146  //
  6147  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  6148  //      is larger than the maximum size.
  6149  //
  6150  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  6151  //      policies that you can have in an organization.
  6152  //
  6153  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  6154  //      tags that are not compliant with the tag policy requirements for this
  6155  //      account.
  6156  //
  6157  //   * InvalidInputException
  6158  //   The requested operation failed because you provided invalid values for one
  6159  //   or more of the request parameters. This exception includes a reason that
  6160  //   contains additional information about the violated limit:
  6161  //
  6162  //   Some of the reasons in the following list might not be applicable to this
  6163  //   specific API or operation.
  6164  //
  6165  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  6166  //      the same entity.
  6167  //
  6168  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  6169  //      can't be modified.
  6170  //
  6171  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  6172  //
  6173  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  6174  //      for the invited account owner.
  6175  //
  6176  //      * INVALID_ENUM: You specified an invalid value.
  6177  //
  6178  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  6179  //
  6180  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  6181  //      characters.
  6182  //
  6183  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  6184  //      at least one invalid value.
  6185  //
  6186  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  6187  //      from the response to a previous call of the operation.
  6188  //
  6189  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  6190  //      organization, or email) as a party.
  6191  //
  6192  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  6193  //      pattern.
  6194  //
  6195  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  6196  //      match the required pattern.
  6197  //
  6198  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  6199  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  6200  //
  6201  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  6202  //      Name (ARN) for the organization.
  6203  //
  6204  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  6205  //
  6206  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  6207  //      tag. You can’t add, edit, or delete system tag keys because they're
  6208  //      reserved for AWS use. System tags don’t count against your tags per
  6209  //      resource limit.
  6210  //
  6211  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  6212  //      for the operation.
  6213  //
  6214  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  6215  //      than allowed.
  6216  //
  6217  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  6218  //      value than allowed.
  6219  //
  6220  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  6221  //      than allowed.
  6222  //
  6223  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  6224  //      value than allowed.
  6225  //
  6226  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  6227  //      between entities in the same root.
  6228  //
  6229  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  6230  //      target entity.
  6231  //
  6232  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  6233  //      isn't recognized.
  6234  //
  6235  //   * PolicyTypeNotEnabledException
  6236  //   The specified policy type isn't currently enabled in this root. You can't
  6237  //   attach policies of the specified type to entities in a root until you enable
  6238  //   that type in the root. For more information, see Enabling All Features in
  6239  //   Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
  6240  //   in the AWS Organizations User Guide.
  6241  //
  6242  //   * RootNotFoundException
  6243  //   We can't find a root with the RootId that you specified.
  6244  //
  6245  //   * ServiceException
  6246  //   AWS Organizations can't complete your request because of an internal service
  6247  //   error. Try again later.
  6248  //
  6249  //   * TooManyRequestsException
  6250  //   You have sent too many requests in too short a period of time. The quota
  6251  //   helps protect against denial-of-service attacks. Try again later.
  6252  //
  6253  //   For information about quotas that affect AWS Organizations, see Quotas for
  6254  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  6255  //   the AWS Organizations User Guide.
  6256  //
  6257  //   * UnsupportedAPIEndpointException
  6258  //   This action isn't available in the current AWS Region.
  6259  //
  6260  //   * PolicyChangesInProgressException
  6261  //   Changes to the effective policy are in progress, and its contents can't be
  6262  //   returned. Try the operation again later.
  6263  //
  6264  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/DisablePolicyType
  6265  func (c *Organizations) DisablePolicyType(input *DisablePolicyTypeInput) (*DisablePolicyTypeOutput, error) {
  6266  	req, out := c.DisablePolicyTypeRequest(input)
  6267  	return out, req.Send()
  6268  }
  6269  
  6270  // DisablePolicyTypeWithContext is the same as DisablePolicyType with the addition of
  6271  // the ability to pass a context and additional request options.
  6272  //
  6273  // See DisablePolicyType for details on how to use this API operation.
  6274  //
  6275  // The context must be non-nil and will be used for request cancellation. If
  6276  // the context is nil a panic will occur. In the future the SDK may create
  6277  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  6278  // for more information on using Contexts.
  6279  func (c *Organizations) DisablePolicyTypeWithContext(ctx aws.Context, input *DisablePolicyTypeInput, opts ...request.Option) (*DisablePolicyTypeOutput, error) {
  6280  	req, out := c.DisablePolicyTypeRequest(input)
  6281  	req.SetContext(ctx)
  6282  	req.ApplyOptions(opts...)
  6283  	return out, req.Send()
  6284  }
  6285  
  6286  const opEnableAWSServiceAccess = "EnableAWSServiceAccess"
  6287  
  6288  // EnableAWSServiceAccessRequest generates a "aws/request.Request" representing the
  6289  // client's request for the EnableAWSServiceAccess operation. The "output" return
  6290  // value will be populated with the request's response once the request completes
  6291  // successfully.
  6292  //
  6293  // Use "Send" method on the returned Request to send the API call to the service.
  6294  // the "output" return value is not valid until after Send returns without error.
  6295  //
  6296  // See EnableAWSServiceAccess for more information on using the EnableAWSServiceAccess
  6297  // API call, and error handling.
  6298  //
  6299  // This method is useful when you want to inject custom logic or configuration
  6300  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  6301  //
  6302  //
  6303  //    // Example sending a request using the EnableAWSServiceAccessRequest method.
  6304  //    req, resp := client.EnableAWSServiceAccessRequest(params)
  6305  //
  6306  //    err := req.Send()
  6307  //    if err == nil { // resp is now filled
  6308  //        fmt.Println(resp)
  6309  //    }
  6310  //
  6311  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
  6312  func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAccessInput) (req *request.Request, output *EnableAWSServiceAccessOutput) {
  6313  	op := &request.Operation{
  6314  		Name:       opEnableAWSServiceAccess,
  6315  		HTTPMethod: "POST",
  6316  		HTTPPath:   "/",
  6317  	}
  6318  
  6319  	if input == nil {
  6320  		input = &EnableAWSServiceAccessInput{}
  6321  	}
  6322  
  6323  	output = &EnableAWSServiceAccessOutput{}
  6324  	req = c.newRequest(op, input, output)
  6325  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  6326  	return
  6327  }
  6328  
  6329  // EnableAWSServiceAccess API operation for AWS Organizations.
  6330  //
  6331  // Enables the integration of an AWS service (the service that is specified
  6332  // by ServicePrincipal) with AWS Organizations. When you enable integration,
  6333  // you allow the specified service to create a service-linked role (http://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html)
  6334  // in all the accounts in your organization. This allows the service to perform
  6335  // operations on your behalf in your organization and its accounts.
  6336  //
  6337  // We recommend that you enable integration between AWS Organizations and the
  6338  // specified AWS service by using the console or commands that are provided
  6339  // by the specified service. Doing so ensures that the service is aware that
  6340  // it can create the resources that are required for the integration. How the
  6341  // service creates those resources in the organization's accounts depends on
  6342  // that service. For more information, see the documentation for the other AWS
  6343  // service.
  6344  //
  6345  // For more information about enabling services to integrate with AWS Organizations,
  6346  // see Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
  6347  // in the AWS Organizations User Guide.
  6348  //
  6349  // This operation can be called only from the organization's management account
  6350  // and only if the organization has enabled all features (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html).
  6351  //
  6352  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  6353  // with awserr.Error's Code and Message methods to get detailed information about
  6354  // the error.
  6355  //
  6356  // See the AWS API reference guide for AWS Organizations's
  6357  // API operation EnableAWSServiceAccess for usage and error information.
  6358  //
  6359  // Returned Error Types:
  6360  //   * AccessDeniedException
  6361  //   You don't have permissions to perform the requested operation. The user or
  6362  //   role that is making the request must have at least one IAM permissions policy
  6363  //   attached that grants the required permissions. For more information, see
  6364  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  6365  //   in the IAM User Guide.
  6366  //
  6367  //   * AWSOrganizationsNotInUseException
  6368  //   Your account isn't a member of an organization. To make this request, you
  6369  //   must use the credentials of an account that belongs to an organization.
  6370  //
  6371  //   * ConcurrentModificationException
  6372  //   The target of the operation is currently being modified by a different request.
  6373  //   Try again later.
  6374  //
  6375  //   * ConstraintViolationException
  6376  //   Performing this operation violates a minimum or maximum value limit. For
  6377  //   example, attempting to remove the last service control policy (SCP) from
  6378  //   an OU or root, inviting or creating too many accounts to the organization,
  6379  //   or attaching too many policies to an account, OU, or root. This exception
  6380  //   includes a reason that contains additional information about the violated
  6381  //   limit:
  6382  //
  6383  //   Some of the reasons in the following list might not be applicable to this
  6384  //   specific API or operation.
  6385  //
  6386  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  6387  //      account from the organization. You can't remove the management account.
  6388  //      Instead, after you remove all member accounts, delete the organization
  6389  //      itself.
  6390  //
  6391  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  6392  //      from the organization that doesn't yet have enough information to exist
  6393  //      as a standalone account. This account requires you to first agree to the
  6394  //      AWS Customer Agreement. Follow the steps at Removing a member account
  6395  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  6396  //      the AWS Organizations User Guide.
  6397  //
  6398  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  6399  //      an account from the organization that doesn't yet have enough information
  6400  //      to exist as a standalone account. This account requires you to first complete
  6401  //      phone verification. Follow the steps at Removing a member account from
  6402  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  6403  //      in the AWS Organizations User Guide.
  6404  //
  6405  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  6406  //      of accounts that you can create in one day.
  6407  //
  6408  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  6409  //      the number of accounts in an organization. If you need more accounts,
  6410  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  6411  //      request an increase in your limit. Or the number of invitations that you
  6412  //      tried to send would cause you to exceed the limit of accounts in your
  6413  //      organization. Send fewer invitations or contact AWS Support to request
  6414  //      an increase in the number of accounts. Deleted and closed accounts still
  6415  //      count toward your limit. If you get this exception when running a command
  6416  //      immediately after creating the organization, wait one hour and try again.
  6417  //      After an hour, if the command continues to fail with this error, contact
  6418  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  6419  //
  6420  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  6421  //      register the management account of the organization as a delegated administrator
  6422  //      for an AWS service integrated with Organizations. You can designate only
  6423  //      a member account as a delegated administrator.
  6424  //
  6425  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  6426  //      an account that is registered as a delegated administrator for a service
  6427  //      integrated with your organization. To complete this operation, you must
  6428  //      first deregister this account as a delegated administrator.
  6429  //
  6430  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  6431  //      organization in the specified region, you must enable all features mode.
  6432  //
  6433  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  6434  //      an AWS account as a delegated administrator for an AWS service that already
  6435  //      has a delegated administrator. To complete this operation, you must first
  6436  //      deregister any existing delegated administrators for this service.
  6437  //
  6438  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  6439  //      valid for a limited period of time. You must resubmit the request and
  6440  //      generate a new verfication code.
  6441  //
  6442  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  6443  //      handshakes that you can send in one day.
  6444  //
  6445  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  6446  //      in this organization, you first must migrate the organization's management
  6447  //      account to the marketplace that corresponds to the management account's
  6448  //      address. For example, accounts with India addresses must be associated
  6449  //      with the AISPL marketplace. All accounts in an organization must be associated
  6450  //      with the same marketplace.
  6451  //
  6452  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  6453  //      in China. To create an organization, the master must have a valid business
  6454  //      license. For more information, contact customer support.
  6455  //
  6456  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  6457  //      must first provide a valid contact address and phone number for the management
  6458  //      account. Then try the operation again.
  6459  //
  6460  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  6461  //      management account must have an associated account in the AWS GovCloud
  6462  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  6463  //      in the AWS GovCloud User Guide.
  6464  //
  6465  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  6466  //      with this management account, you first must associate a valid payment
  6467  //      instrument, such as a credit card, with the account. Follow the steps
  6468  //      at To leave an organization when all required account information has
  6469  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  6470  //      in the AWS Organizations User Guide.
  6471  //
  6472  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  6473  //      to register more delegated administrators than allowed for the service
  6474  //      principal.
  6475  //
  6476  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  6477  //      number of policies of a certain type that can be attached to an entity
  6478  //      at one time.
  6479  //
  6480  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  6481  //      on this resource.
  6482  //
  6483  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  6484  //      with this member account, you first must associate a valid payment instrument,
  6485  //      such as a credit card, with the account. Follow the steps at To leave
  6486  //      an organization when all required account information has not yet been
  6487  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  6488  //      in the AWS Organizations User Guide.
  6489  //
  6490  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  6491  //      policy from an entity that would cause the entity to have fewer than the
  6492  //      minimum number of policies of a certain type required.
  6493  //
  6494  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  6495  //      that requires the organization to be configured to support all features.
  6496  //      An organization that supports only consolidated billing features can't
  6497  //      perform this operation.
  6498  //
  6499  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  6500  //      too many levels deep.
  6501  //
  6502  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  6503  //      that you can have in an organization.
  6504  //
  6505  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  6506  //      is larger than the maximum size.
  6507  //
  6508  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  6509  //      policies that you can have in an organization.
  6510  //
  6511  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  6512  //      tags that are not compliant with the tag policy requirements for this
  6513  //      account.
  6514  //
  6515  //   * InvalidInputException
  6516  //   The requested operation failed because you provided invalid values for one
  6517  //   or more of the request parameters. This exception includes a reason that
  6518  //   contains additional information about the violated limit:
  6519  //
  6520  //   Some of the reasons in the following list might not be applicable to this
  6521  //   specific API or operation.
  6522  //
  6523  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  6524  //      the same entity.
  6525  //
  6526  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  6527  //      can't be modified.
  6528  //
  6529  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  6530  //
  6531  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  6532  //      for the invited account owner.
  6533  //
  6534  //      * INVALID_ENUM: You specified an invalid value.
  6535  //
  6536  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  6537  //
  6538  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  6539  //      characters.
  6540  //
  6541  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  6542  //      at least one invalid value.
  6543  //
  6544  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  6545  //      from the response to a previous call of the operation.
  6546  //
  6547  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  6548  //      organization, or email) as a party.
  6549  //
  6550  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  6551  //      pattern.
  6552  //
  6553  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  6554  //      match the required pattern.
  6555  //
  6556  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  6557  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  6558  //
  6559  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  6560  //      Name (ARN) for the organization.
  6561  //
  6562  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  6563  //
  6564  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  6565  //      tag. You can’t add, edit, or delete system tag keys because they're
  6566  //      reserved for AWS use. System tags don’t count against your tags per
  6567  //      resource limit.
  6568  //
  6569  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  6570  //      for the operation.
  6571  //
  6572  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  6573  //      than allowed.
  6574  //
  6575  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  6576  //      value than allowed.
  6577  //
  6578  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  6579  //      than allowed.
  6580  //
  6581  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  6582  //      value than allowed.
  6583  //
  6584  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  6585  //      between entities in the same root.
  6586  //
  6587  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  6588  //      target entity.
  6589  //
  6590  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  6591  //      isn't recognized.
  6592  //
  6593  //   * ServiceException
  6594  //   AWS Organizations can't complete your request because of an internal service
  6595  //   error. Try again later.
  6596  //
  6597  //   * TooManyRequestsException
  6598  //   You have sent too many requests in too short a period of time. The quota
  6599  //   helps protect against denial-of-service attacks. Try again later.
  6600  //
  6601  //   For information about quotas that affect AWS Organizations, see Quotas for
  6602  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  6603  //   the AWS Organizations User Guide.
  6604  //
  6605  //   * UnsupportedAPIEndpointException
  6606  //   This action isn't available in the current AWS Region.
  6607  //
  6608  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAWSServiceAccess
  6609  func (c *Organizations) EnableAWSServiceAccess(input *EnableAWSServiceAccessInput) (*EnableAWSServiceAccessOutput, error) {
  6610  	req, out := c.EnableAWSServiceAccessRequest(input)
  6611  	return out, req.Send()
  6612  }
  6613  
  6614  // EnableAWSServiceAccessWithContext is the same as EnableAWSServiceAccess with the addition of
  6615  // the ability to pass a context and additional request options.
  6616  //
  6617  // See EnableAWSServiceAccess for details on how to use this API operation.
  6618  //
  6619  // The context must be non-nil and will be used for request cancellation. If
  6620  // the context is nil a panic will occur. In the future the SDK may create
  6621  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  6622  // for more information on using Contexts.
  6623  func (c *Organizations) EnableAWSServiceAccessWithContext(ctx aws.Context, input *EnableAWSServiceAccessInput, opts ...request.Option) (*EnableAWSServiceAccessOutput, error) {
  6624  	req, out := c.EnableAWSServiceAccessRequest(input)
  6625  	req.SetContext(ctx)
  6626  	req.ApplyOptions(opts...)
  6627  	return out, req.Send()
  6628  }
  6629  
  6630  const opEnableAllFeatures = "EnableAllFeatures"
  6631  
  6632  // EnableAllFeaturesRequest generates a "aws/request.Request" representing the
  6633  // client's request for the EnableAllFeatures operation. The "output" return
  6634  // value will be populated with the request's response once the request completes
  6635  // successfully.
  6636  //
  6637  // Use "Send" method on the returned Request to send the API call to the service.
  6638  // the "output" return value is not valid until after Send returns without error.
  6639  //
  6640  // See EnableAllFeatures for more information on using the EnableAllFeatures
  6641  // API call, and error handling.
  6642  //
  6643  // This method is useful when you want to inject custom logic or configuration
  6644  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  6645  //
  6646  //
  6647  //    // Example sending a request using the EnableAllFeaturesRequest method.
  6648  //    req, resp := client.EnableAllFeaturesRequest(params)
  6649  //
  6650  //    err := req.Send()
  6651  //    if err == nil { // resp is now filled
  6652  //        fmt.Println(resp)
  6653  //    }
  6654  //
  6655  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
  6656  func (c *Organizations) EnableAllFeaturesRequest(input *EnableAllFeaturesInput) (req *request.Request, output *EnableAllFeaturesOutput) {
  6657  	op := &request.Operation{
  6658  		Name:       opEnableAllFeatures,
  6659  		HTTPMethod: "POST",
  6660  		HTTPPath:   "/",
  6661  	}
  6662  
  6663  	if input == nil {
  6664  		input = &EnableAllFeaturesInput{}
  6665  	}
  6666  
  6667  	output = &EnableAllFeaturesOutput{}
  6668  	req = c.newRequest(op, input, output)
  6669  	return
  6670  }
  6671  
  6672  // EnableAllFeatures API operation for AWS Organizations.
  6673  //
  6674  // Enables all features in an organization. This enables the use of organization
  6675  // policies that can restrict the services and actions that can be called in
  6676  // each account. Until you enable all features, you have access only to consolidated
  6677  // billing, and you can't use any of the advanced account administration features
  6678  // that AWS Organizations supports. For more information, see Enabling All Features
  6679  // in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
  6680  // in the AWS Organizations User Guide.
  6681  //
  6682  // This operation is required only for organizations that were created explicitly
  6683  // with only the consolidated billing features enabled. Calling this operation
  6684  // sends a handshake to every invited account in the organization. The feature
  6685  // set change can be finalized and the additional features enabled only after
  6686  // all administrators in the invited accounts approve the change by accepting
  6687  // the handshake.
  6688  //
  6689  // After you enable all features, you can separately enable or disable individual
  6690  // policy types in a root using EnablePolicyType and DisablePolicyType. To see
  6691  // the status of policy types in a root, use ListRoots.
  6692  //
  6693  // After all invited member accounts accept the handshake, you finalize the
  6694  // feature set change by accepting the handshake that contains "Action": "ENABLE_ALL_FEATURES".
  6695  // This completes the change.
  6696  //
  6697  // After you enable all features in your organization, the management account
  6698  // in the organization can apply policies on all member accounts. These policies
  6699  // can restrict what users and even administrators in those accounts can do.
  6700  // The management account can apply policies that prevent accounts from leaving
  6701  // the organization. Ensure that your account administrators are aware of this.
  6702  //
  6703  // This operation can be called only from the organization's management account.
  6704  //
  6705  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  6706  // with awserr.Error's Code and Message methods to get detailed information about
  6707  // the error.
  6708  //
  6709  // See the AWS API reference guide for AWS Organizations's
  6710  // API operation EnableAllFeatures for usage and error information.
  6711  //
  6712  // Returned Error Types:
  6713  //   * AccessDeniedException
  6714  //   You don't have permissions to perform the requested operation. The user or
  6715  //   role that is making the request must have at least one IAM permissions policy
  6716  //   attached that grants the required permissions. For more information, see
  6717  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  6718  //   in the IAM User Guide.
  6719  //
  6720  //   * AWSOrganizationsNotInUseException
  6721  //   Your account isn't a member of an organization. To make this request, you
  6722  //   must use the credentials of an account that belongs to an organization.
  6723  //
  6724  //   * ConcurrentModificationException
  6725  //   The target of the operation is currently being modified by a different request.
  6726  //   Try again later.
  6727  //
  6728  //   * HandshakeConstraintViolationException
  6729  //   The requested operation would violate the constraint identified in the reason
  6730  //   code.
  6731  //
  6732  //   Some of the reasons in the following list might not be applicable to this
  6733  //   specific API or operation:
  6734  //
  6735  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  6736  //      the number of accounts in an organization. Note that deleted and closed
  6737  //      accounts still count toward your limit. If you get this exception immediately
  6738  //      after creating the organization, wait one hour and try again. If after
  6739  //      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
  6740  //
  6741  //      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
  6742  //      the invited account is already a member of an organization.
  6743  //
  6744  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  6745  //      handshakes that you can send in one day.
  6746  //
  6747  //      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
  6748  //      to join an organization while it's in the process of enabling all features.
  6749  //      You can resume inviting accounts after you finalize the process when all
  6750  //      accounts have agreed to the change.
  6751  //
  6752  //      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
  6753  //      because the organization has already enabled all features.
  6754  //
  6755  //      * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
  6756  //      request is invalid because the organization has already started the process
  6757  //      to enable all features.
  6758  //
  6759  //      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
  6760  //      the account is from a different marketplace than the accounts in the organization.
  6761  //      For example, accounts with India addresses must be associated with the
  6762  //      AISPL marketplace. All accounts in an organization must be from the same
  6763  //      marketplace.
  6764  //
  6765  //      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
  6766  //      change the membership of an account too quickly after its previous change.
  6767  //
  6768  //      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
  6769  //      account that doesn't have a payment instrument, such as a credit card,
  6770  //      associated with it.
  6771  //
  6772  //   * InvalidInputException
  6773  //   The requested operation failed because you provided invalid values for one
  6774  //   or more of the request parameters. This exception includes a reason that
  6775  //   contains additional information about the violated limit:
  6776  //
  6777  //   Some of the reasons in the following list might not be applicable to this
  6778  //   specific API or operation.
  6779  //
  6780  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  6781  //      the same entity.
  6782  //
  6783  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  6784  //      can't be modified.
  6785  //
  6786  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  6787  //
  6788  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  6789  //      for the invited account owner.
  6790  //
  6791  //      * INVALID_ENUM: You specified an invalid value.
  6792  //
  6793  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  6794  //
  6795  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  6796  //      characters.
  6797  //
  6798  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  6799  //      at least one invalid value.
  6800  //
  6801  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  6802  //      from the response to a previous call of the operation.
  6803  //
  6804  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  6805  //      organization, or email) as a party.
  6806  //
  6807  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  6808  //      pattern.
  6809  //
  6810  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  6811  //      match the required pattern.
  6812  //
  6813  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  6814  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  6815  //
  6816  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  6817  //      Name (ARN) for the organization.
  6818  //
  6819  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  6820  //
  6821  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  6822  //      tag. You can’t add, edit, or delete system tag keys because they're
  6823  //      reserved for AWS use. System tags don’t count against your tags per
  6824  //      resource limit.
  6825  //
  6826  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  6827  //      for the operation.
  6828  //
  6829  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  6830  //      than allowed.
  6831  //
  6832  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  6833  //      value than allowed.
  6834  //
  6835  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  6836  //      than allowed.
  6837  //
  6838  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  6839  //      value than allowed.
  6840  //
  6841  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  6842  //      between entities in the same root.
  6843  //
  6844  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  6845  //      target entity.
  6846  //
  6847  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  6848  //      isn't recognized.
  6849  //
  6850  //   * ServiceException
  6851  //   AWS Organizations can't complete your request because of an internal service
  6852  //   error. Try again later.
  6853  //
  6854  //   * TooManyRequestsException
  6855  //   You have sent too many requests in too short a period of time. The quota
  6856  //   helps protect against denial-of-service attacks. Try again later.
  6857  //
  6858  //   For information about quotas that affect AWS Organizations, see Quotas for
  6859  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  6860  //   the AWS Organizations User Guide.
  6861  //
  6862  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnableAllFeatures
  6863  func (c *Organizations) EnableAllFeatures(input *EnableAllFeaturesInput) (*EnableAllFeaturesOutput, error) {
  6864  	req, out := c.EnableAllFeaturesRequest(input)
  6865  	return out, req.Send()
  6866  }
  6867  
  6868  // EnableAllFeaturesWithContext is the same as EnableAllFeatures with the addition of
  6869  // the ability to pass a context and additional request options.
  6870  //
  6871  // See EnableAllFeatures for details on how to use this API operation.
  6872  //
  6873  // The context must be non-nil and will be used for request cancellation. If
  6874  // the context is nil a panic will occur. In the future the SDK may create
  6875  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  6876  // for more information on using Contexts.
  6877  func (c *Organizations) EnableAllFeaturesWithContext(ctx aws.Context, input *EnableAllFeaturesInput, opts ...request.Option) (*EnableAllFeaturesOutput, error) {
  6878  	req, out := c.EnableAllFeaturesRequest(input)
  6879  	req.SetContext(ctx)
  6880  	req.ApplyOptions(opts...)
  6881  	return out, req.Send()
  6882  }
  6883  
  6884  const opEnablePolicyType = "EnablePolicyType"
  6885  
  6886  // EnablePolicyTypeRequest generates a "aws/request.Request" representing the
  6887  // client's request for the EnablePolicyType operation. The "output" return
  6888  // value will be populated with the request's response once the request completes
  6889  // successfully.
  6890  //
  6891  // Use "Send" method on the returned Request to send the API call to the service.
  6892  // the "output" return value is not valid until after Send returns without error.
  6893  //
  6894  // See EnablePolicyType for more information on using the EnablePolicyType
  6895  // API call, and error handling.
  6896  //
  6897  // This method is useful when you want to inject custom logic or configuration
  6898  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  6899  //
  6900  //
  6901  //    // Example sending a request using the EnablePolicyTypeRequest method.
  6902  //    req, resp := client.EnablePolicyTypeRequest(params)
  6903  //
  6904  //    err := req.Send()
  6905  //    if err == nil { // resp is now filled
  6906  //        fmt.Println(resp)
  6907  //    }
  6908  //
  6909  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
  6910  func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (req *request.Request, output *EnablePolicyTypeOutput) {
  6911  	op := &request.Operation{
  6912  		Name:       opEnablePolicyType,
  6913  		HTTPMethod: "POST",
  6914  		HTTPPath:   "/",
  6915  	}
  6916  
  6917  	if input == nil {
  6918  		input = &EnablePolicyTypeInput{}
  6919  	}
  6920  
  6921  	output = &EnablePolicyTypeOutput{}
  6922  	req = c.newRequest(op, input, output)
  6923  	return
  6924  }
  6925  
  6926  // EnablePolicyType API operation for AWS Organizations.
  6927  //
  6928  // Enables a policy type in a root. After you enable a policy type in a root,
  6929  // you can attach policies of that type to the root, any organizational unit
  6930  // (OU), or account in that root. You can undo this by using the DisablePolicyType
  6931  // operation.
  6932  //
  6933  // This is an asynchronous request that AWS performs in the background. AWS
  6934  // recommends that you first use ListRoots to see the status of policy types
  6935  // for a specified root, and then use this operation.
  6936  //
  6937  // This operation can be called only from the organization's management account.
  6938  //
  6939  // You can enable a policy type in a root only if that policy type is available
  6940  // in the organization. To view the status of available policy types in the
  6941  // organization, use DescribeOrganization.
  6942  //
  6943  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  6944  // with awserr.Error's Code and Message methods to get detailed information about
  6945  // the error.
  6946  //
  6947  // See the AWS API reference guide for AWS Organizations's
  6948  // API operation EnablePolicyType for usage and error information.
  6949  //
  6950  // Returned Error Types:
  6951  //   * AccessDeniedException
  6952  //   You don't have permissions to perform the requested operation. The user or
  6953  //   role that is making the request must have at least one IAM permissions policy
  6954  //   attached that grants the required permissions. For more information, see
  6955  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  6956  //   in the IAM User Guide.
  6957  //
  6958  //   * AWSOrganizationsNotInUseException
  6959  //   Your account isn't a member of an organization. To make this request, you
  6960  //   must use the credentials of an account that belongs to an organization.
  6961  //
  6962  //   * ConcurrentModificationException
  6963  //   The target of the operation is currently being modified by a different request.
  6964  //   Try again later.
  6965  //
  6966  //   * ConstraintViolationException
  6967  //   Performing this operation violates a minimum or maximum value limit. For
  6968  //   example, attempting to remove the last service control policy (SCP) from
  6969  //   an OU or root, inviting or creating too many accounts to the organization,
  6970  //   or attaching too many policies to an account, OU, or root. This exception
  6971  //   includes a reason that contains additional information about the violated
  6972  //   limit:
  6973  //
  6974  //   Some of the reasons in the following list might not be applicable to this
  6975  //   specific API or operation.
  6976  //
  6977  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  6978  //      account from the organization. You can't remove the management account.
  6979  //      Instead, after you remove all member accounts, delete the organization
  6980  //      itself.
  6981  //
  6982  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  6983  //      from the organization that doesn't yet have enough information to exist
  6984  //      as a standalone account. This account requires you to first agree to the
  6985  //      AWS Customer Agreement. Follow the steps at Removing a member account
  6986  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  6987  //      the AWS Organizations User Guide.
  6988  //
  6989  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  6990  //      an account from the organization that doesn't yet have enough information
  6991  //      to exist as a standalone account. This account requires you to first complete
  6992  //      phone verification. Follow the steps at Removing a member account from
  6993  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  6994  //      in the AWS Organizations User Guide.
  6995  //
  6996  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  6997  //      of accounts that you can create in one day.
  6998  //
  6999  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  7000  //      the number of accounts in an organization. If you need more accounts,
  7001  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  7002  //      request an increase in your limit. Or the number of invitations that you
  7003  //      tried to send would cause you to exceed the limit of accounts in your
  7004  //      organization. Send fewer invitations or contact AWS Support to request
  7005  //      an increase in the number of accounts. Deleted and closed accounts still
  7006  //      count toward your limit. If you get this exception when running a command
  7007  //      immediately after creating the organization, wait one hour and try again.
  7008  //      After an hour, if the command continues to fail with this error, contact
  7009  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  7010  //
  7011  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  7012  //      register the management account of the organization as a delegated administrator
  7013  //      for an AWS service integrated with Organizations. You can designate only
  7014  //      a member account as a delegated administrator.
  7015  //
  7016  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  7017  //      an account that is registered as a delegated administrator for a service
  7018  //      integrated with your organization. To complete this operation, you must
  7019  //      first deregister this account as a delegated administrator.
  7020  //
  7021  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  7022  //      organization in the specified region, you must enable all features mode.
  7023  //
  7024  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  7025  //      an AWS account as a delegated administrator for an AWS service that already
  7026  //      has a delegated administrator. To complete this operation, you must first
  7027  //      deregister any existing delegated administrators for this service.
  7028  //
  7029  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  7030  //      valid for a limited period of time. You must resubmit the request and
  7031  //      generate a new verfication code.
  7032  //
  7033  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  7034  //      handshakes that you can send in one day.
  7035  //
  7036  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  7037  //      in this organization, you first must migrate the organization's management
  7038  //      account to the marketplace that corresponds to the management account's
  7039  //      address. For example, accounts with India addresses must be associated
  7040  //      with the AISPL marketplace. All accounts in an organization must be associated
  7041  //      with the same marketplace.
  7042  //
  7043  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  7044  //      in China. To create an organization, the master must have a valid business
  7045  //      license. For more information, contact customer support.
  7046  //
  7047  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  7048  //      must first provide a valid contact address and phone number for the management
  7049  //      account. Then try the operation again.
  7050  //
  7051  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  7052  //      management account must have an associated account in the AWS GovCloud
  7053  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  7054  //      in the AWS GovCloud User Guide.
  7055  //
  7056  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  7057  //      with this management account, you first must associate a valid payment
  7058  //      instrument, such as a credit card, with the account. Follow the steps
  7059  //      at To leave an organization when all required account information has
  7060  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  7061  //      in the AWS Organizations User Guide.
  7062  //
  7063  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  7064  //      to register more delegated administrators than allowed for the service
  7065  //      principal.
  7066  //
  7067  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  7068  //      number of policies of a certain type that can be attached to an entity
  7069  //      at one time.
  7070  //
  7071  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  7072  //      on this resource.
  7073  //
  7074  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  7075  //      with this member account, you first must associate a valid payment instrument,
  7076  //      such as a credit card, with the account. Follow the steps at To leave
  7077  //      an organization when all required account information has not yet been
  7078  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  7079  //      in the AWS Organizations User Guide.
  7080  //
  7081  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  7082  //      policy from an entity that would cause the entity to have fewer than the
  7083  //      minimum number of policies of a certain type required.
  7084  //
  7085  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  7086  //      that requires the organization to be configured to support all features.
  7087  //      An organization that supports only consolidated billing features can't
  7088  //      perform this operation.
  7089  //
  7090  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  7091  //      too many levels deep.
  7092  //
  7093  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  7094  //      that you can have in an organization.
  7095  //
  7096  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  7097  //      is larger than the maximum size.
  7098  //
  7099  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  7100  //      policies that you can have in an organization.
  7101  //
  7102  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  7103  //      tags that are not compliant with the tag policy requirements for this
  7104  //      account.
  7105  //
  7106  //   * InvalidInputException
  7107  //   The requested operation failed because you provided invalid values for one
  7108  //   or more of the request parameters. This exception includes a reason that
  7109  //   contains additional information about the violated limit:
  7110  //
  7111  //   Some of the reasons in the following list might not be applicable to this
  7112  //   specific API or operation.
  7113  //
  7114  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  7115  //      the same entity.
  7116  //
  7117  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  7118  //      can't be modified.
  7119  //
  7120  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  7121  //
  7122  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  7123  //      for the invited account owner.
  7124  //
  7125  //      * INVALID_ENUM: You specified an invalid value.
  7126  //
  7127  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  7128  //
  7129  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  7130  //      characters.
  7131  //
  7132  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  7133  //      at least one invalid value.
  7134  //
  7135  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  7136  //      from the response to a previous call of the operation.
  7137  //
  7138  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  7139  //      organization, or email) as a party.
  7140  //
  7141  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  7142  //      pattern.
  7143  //
  7144  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  7145  //      match the required pattern.
  7146  //
  7147  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  7148  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  7149  //
  7150  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  7151  //      Name (ARN) for the organization.
  7152  //
  7153  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  7154  //
  7155  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  7156  //      tag. You can’t add, edit, or delete system tag keys because they're
  7157  //      reserved for AWS use. System tags don’t count against your tags per
  7158  //      resource limit.
  7159  //
  7160  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  7161  //      for the operation.
  7162  //
  7163  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  7164  //      than allowed.
  7165  //
  7166  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  7167  //      value than allowed.
  7168  //
  7169  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  7170  //      than allowed.
  7171  //
  7172  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  7173  //      value than allowed.
  7174  //
  7175  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  7176  //      between entities in the same root.
  7177  //
  7178  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  7179  //      target entity.
  7180  //
  7181  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  7182  //      isn't recognized.
  7183  //
  7184  //   * PolicyTypeAlreadyEnabledException
  7185  //   The specified policy type is already enabled in the specified root.
  7186  //
  7187  //   * RootNotFoundException
  7188  //   We can't find a root with the RootId that you specified.
  7189  //
  7190  //   * ServiceException
  7191  //   AWS Organizations can't complete your request because of an internal service
  7192  //   error. Try again later.
  7193  //
  7194  //   * TooManyRequestsException
  7195  //   You have sent too many requests in too short a period of time. The quota
  7196  //   helps protect against denial-of-service attacks. Try again later.
  7197  //
  7198  //   For information about quotas that affect AWS Organizations, see Quotas for
  7199  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  7200  //   the AWS Organizations User Guide.
  7201  //
  7202  //   * PolicyTypeNotAvailableForOrganizationException
  7203  //   You can't use the specified policy type with the feature set currently enabled
  7204  //   for this organization. For example, you can enable SCPs only after you enable
  7205  //   all features in the organization. For more information, see Managing AWS
  7206  //   Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
  7207  //   the AWS Organizations User Guide.
  7208  //
  7209  //   * UnsupportedAPIEndpointException
  7210  //   This action isn't available in the current AWS Region.
  7211  //
  7212  //   * PolicyChangesInProgressException
  7213  //   Changes to the effective policy are in progress, and its contents can't be
  7214  //   returned. Try the operation again later.
  7215  //
  7216  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/EnablePolicyType
  7217  func (c *Organizations) EnablePolicyType(input *EnablePolicyTypeInput) (*EnablePolicyTypeOutput, error) {
  7218  	req, out := c.EnablePolicyTypeRequest(input)
  7219  	return out, req.Send()
  7220  }
  7221  
  7222  // EnablePolicyTypeWithContext is the same as EnablePolicyType with the addition of
  7223  // the ability to pass a context and additional request options.
  7224  //
  7225  // See EnablePolicyType for details on how to use this API operation.
  7226  //
  7227  // The context must be non-nil and will be used for request cancellation. If
  7228  // the context is nil a panic will occur. In the future the SDK may create
  7229  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  7230  // for more information on using Contexts.
  7231  func (c *Organizations) EnablePolicyTypeWithContext(ctx aws.Context, input *EnablePolicyTypeInput, opts ...request.Option) (*EnablePolicyTypeOutput, error) {
  7232  	req, out := c.EnablePolicyTypeRequest(input)
  7233  	req.SetContext(ctx)
  7234  	req.ApplyOptions(opts...)
  7235  	return out, req.Send()
  7236  }
  7237  
  7238  const opInviteAccountToOrganization = "InviteAccountToOrganization"
  7239  
  7240  // InviteAccountToOrganizationRequest generates a "aws/request.Request" representing the
  7241  // client's request for the InviteAccountToOrganization operation. The "output" return
  7242  // value will be populated with the request's response once the request completes
  7243  // successfully.
  7244  //
  7245  // Use "Send" method on the returned Request to send the API call to the service.
  7246  // the "output" return value is not valid until after Send returns without error.
  7247  //
  7248  // See InviteAccountToOrganization for more information on using the InviteAccountToOrganization
  7249  // API call, and error handling.
  7250  //
  7251  // This method is useful when you want to inject custom logic or configuration
  7252  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  7253  //
  7254  //
  7255  //    // Example sending a request using the InviteAccountToOrganizationRequest method.
  7256  //    req, resp := client.InviteAccountToOrganizationRequest(params)
  7257  //
  7258  //    err := req.Send()
  7259  //    if err == nil { // resp is now filled
  7260  //        fmt.Println(resp)
  7261  //    }
  7262  //
  7263  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
  7264  func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountToOrganizationInput) (req *request.Request, output *InviteAccountToOrganizationOutput) {
  7265  	op := &request.Operation{
  7266  		Name:       opInviteAccountToOrganization,
  7267  		HTTPMethod: "POST",
  7268  		HTTPPath:   "/",
  7269  	}
  7270  
  7271  	if input == nil {
  7272  		input = &InviteAccountToOrganizationInput{}
  7273  	}
  7274  
  7275  	output = &InviteAccountToOrganizationOutput{}
  7276  	req = c.newRequest(op, input, output)
  7277  	return
  7278  }
  7279  
  7280  // InviteAccountToOrganization API operation for AWS Organizations.
  7281  //
  7282  // Sends an invitation to another account to join your organization as a member
  7283  // account. AWS Organizations sends email on your behalf to the email address
  7284  // that is associated with the other account's owner. The invitation is implemented
  7285  // as a Handshake whose details are in the response.
  7286  //
  7287  //    * You can invite AWS accounts only from the same seller as the management
  7288  //    account. For example, if your organization's management account was created
  7289  //    by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India,
  7290  //    you can invite only other AISPL accounts to your organization. You can't
  7291  //    combine accounts from AISPL and AWS or from any other AWS seller. For
  7292  //    more information, see Consolidated Billing in India (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilliing-India.html).
  7293  //
  7294  //    * If you receive an exception that indicates that you exceeded your account
  7295  //    limits for the organization or that the operation failed because your
  7296  //    organization is still initializing, wait one hour and then try again.
  7297  //    If the error persists after an hour, contact AWS Support (https://console.aws.amazon.com/support/home#/).
  7298  //
  7299  // If the request includes tags, then the requester must have the organizations:TagResource
  7300  // permission.
  7301  //
  7302  // This operation can be called only from the organization's management account.
  7303  //
  7304  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  7305  // with awserr.Error's Code and Message methods to get detailed information about
  7306  // the error.
  7307  //
  7308  // See the AWS API reference guide for AWS Organizations's
  7309  // API operation InviteAccountToOrganization for usage and error information.
  7310  //
  7311  // Returned Error Types:
  7312  //   * AccessDeniedException
  7313  //   You don't have permissions to perform the requested operation. The user or
  7314  //   role that is making the request must have at least one IAM permissions policy
  7315  //   attached that grants the required permissions. For more information, see
  7316  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  7317  //   in the IAM User Guide.
  7318  //
  7319  //   * AWSOrganizationsNotInUseException
  7320  //   Your account isn't a member of an organization. To make this request, you
  7321  //   must use the credentials of an account that belongs to an organization.
  7322  //
  7323  //   * AccountOwnerNotVerifiedException
  7324  //   You can't invite an existing account to your organization until you verify
  7325  //   that you own the email address associated with the management account. For
  7326  //   more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
  7327  //   in the AWS Organizations User Guide.
  7328  //
  7329  //   * ConcurrentModificationException
  7330  //   The target of the operation is currently being modified by a different request.
  7331  //   Try again later.
  7332  //
  7333  //   * HandshakeConstraintViolationException
  7334  //   The requested operation would violate the constraint identified in the reason
  7335  //   code.
  7336  //
  7337  //   Some of the reasons in the following list might not be applicable to this
  7338  //   specific API or operation:
  7339  //
  7340  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  7341  //      the number of accounts in an organization. Note that deleted and closed
  7342  //      accounts still count toward your limit. If you get this exception immediately
  7343  //      after creating the organization, wait one hour and try again. If after
  7344  //      an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
  7345  //
  7346  //      * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
  7347  //      the invited account is already a member of an organization.
  7348  //
  7349  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  7350  //      handshakes that you can send in one day.
  7351  //
  7352  //      * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
  7353  //      to join an organization while it's in the process of enabling all features.
  7354  //      You can resume inviting accounts after you finalize the process when all
  7355  //      accounts have agreed to the change.
  7356  //
  7357  //      * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
  7358  //      because the organization has already enabled all features.
  7359  //
  7360  //      * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
  7361  //      request is invalid because the organization has already started the process
  7362  //      to enable all features.
  7363  //
  7364  //      * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
  7365  //      the account is from a different marketplace than the accounts in the organization.
  7366  //      For example, accounts with India addresses must be associated with the
  7367  //      AISPL marketplace. All accounts in an organization must be from the same
  7368  //      marketplace.
  7369  //
  7370  //      * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
  7371  //      change the membership of an account too quickly after its previous change.
  7372  //
  7373  //      * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
  7374  //      account that doesn't have a payment instrument, such as a credit card,
  7375  //      associated with it.
  7376  //
  7377  //   * DuplicateHandshakeException
  7378  //   A handshake with the same action and target already exists. For example,
  7379  //   if you invited an account to join your organization, the invited account
  7380  //   might already have a pending invitation from this organization. If you intend
  7381  //   to resend an invitation to an account, ensure that existing handshakes that
  7382  //   might be considered duplicates are canceled or declined.
  7383  //
  7384  //   * ConstraintViolationException
  7385  //   Performing this operation violates a minimum or maximum value limit. For
  7386  //   example, attempting to remove the last service control policy (SCP) from
  7387  //   an OU or root, inviting or creating too many accounts to the organization,
  7388  //   or attaching too many policies to an account, OU, or root. This exception
  7389  //   includes a reason that contains additional information about the violated
  7390  //   limit:
  7391  //
  7392  //   Some of the reasons in the following list might not be applicable to this
  7393  //   specific API or operation.
  7394  //
  7395  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  7396  //      account from the organization. You can't remove the management account.
  7397  //      Instead, after you remove all member accounts, delete the organization
  7398  //      itself.
  7399  //
  7400  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  7401  //      from the organization that doesn't yet have enough information to exist
  7402  //      as a standalone account. This account requires you to first agree to the
  7403  //      AWS Customer Agreement. Follow the steps at Removing a member account
  7404  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  7405  //      the AWS Organizations User Guide.
  7406  //
  7407  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  7408  //      an account from the organization that doesn't yet have enough information
  7409  //      to exist as a standalone account. This account requires you to first complete
  7410  //      phone verification. Follow the steps at Removing a member account from
  7411  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  7412  //      in the AWS Organizations User Guide.
  7413  //
  7414  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  7415  //      of accounts that you can create in one day.
  7416  //
  7417  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  7418  //      the number of accounts in an organization. If you need more accounts,
  7419  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  7420  //      request an increase in your limit. Or the number of invitations that you
  7421  //      tried to send would cause you to exceed the limit of accounts in your
  7422  //      organization. Send fewer invitations or contact AWS Support to request
  7423  //      an increase in the number of accounts. Deleted and closed accounts still
  7424  //      count toward your limit. If you get this exception when running a command
  7425  //      immediately after creating the organization, wait one hour and try again.
  7426  //      After an hour, if the command continues to fail with this error, contact
  7427  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  7428  //
  7429  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  7430  //      register the management account of the organization as a delegated administrator
  7431  //      for an AWS service integrated with Organizations. You can designate only
  7432  //      a member account as a delegated administrator.
  7433  //
  7434  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  7435  //      an account that is registered as a delegated administrator for a service
  7436  //      integrated with your organization. To complete this operation, you must
  7437  //      first deregister this account as a delegated administrator.
  7438  //
  7439  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  7440  //      organization in the specified region, you must enable all features mode.
  7441  //
  7442  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  7443  //      an AWS account as a delegated administrator for an AWS service that already
  7444  //      has a delegated administrator. To complete this operation, you must first
  7445  //      deregister any existing delegated administrators for this service.
  7446  //
  7447  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  7448  //      valid for a limited period of time. You must resubmit the request and
  7449  //      generate a new verfication code.
  7450  //
  7451  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  7452  //      handshakes that you can send in one day.
  7453  //
  7454  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  7455  //      in this organization, you first must migrate the organization's management
  7456  //      account to the marketplace that corresponds to the management account's
  7457  //      address. For example, accounts with India addresses must be associated
  7458  //      with the AISPL marketplace. All accounts in an organization must be associated
  7459  //      with the same marketplace.
  7460  //
  7461  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  7462  //      in China. To create an organization, the master must have a valid business
  7463  //      license. For more information, contact customer support.
  7464  //
  7465  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  7466  //      must first provide a valid contact address and phone number for the management
  7467  //      account. Then try the operation again.
  7468  //
  7469  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  7470  //      management account must have an associated account in the AWS GovCloud
  7471  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  7472  //      in the AWS GovCloud User Guide.
  7473  //
  7474  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  7475  //      with this management account, you first must associate a valid payment
  7476  //      instrument, such as a credit card, with the account. Follow the steps
  7477  //      at To leave an organization when all required account information has
  7478  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  7479  //      in the AWS Organizations User Guide.
  7480  //
  7481  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  7482  //      to register more delegated administrators than allowed for the service
  7483  //      principal.
  7484  //
  7485  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  7486  //      number of policies of a certain type that can be attached to an entity
  7487  //      at one time.
  7488  //
  7489  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  7490  //      on this resource.
  7491  //
  7492  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  7493  //      with this member account, you first must associate a valid payment instrument,
  7494  //      such as a credit card, with the account. Follow the steps at To leave
  7495  //      an organization when all required account information has not yet been
  7496  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  7497  //      in the AWS Organizations User Guide.
  7498  //
  7499  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  7500  //      policy from an entity that would cause the entity to have fewer than the
  7501  //      minimum number of policies of a certain type required.
  7502  //
  7503  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  7504  //      that requires the organization to be configured to support all features.
  7505  //      An organization that supports only consolidated billing features can't
  7506  //      perform this operation.
  7507  //
  7508  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  7509  //      too many levels deep.
  7510  //
  7511  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  7512  //      that you can have in an organization.
  7513  //
  7514  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  7515  //      is larger than the maximum size.
  7516  //
  7517  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  7518  //      policies that you can have in an organization.
  7519  //
  7520  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  7521  //      tags that are not compliant with the tag policy requirements for this
  7522  //      account.
  7523  //
  7524  //   * InvalidInputException
  7525  //   The requested operation failed because you provided invalid values for one
  7526  //   or more of the request parameters. This exception includes a reason that
  7527  //   contains additional information about the violated limit:
  7528  //
  7529  //   Some of the reasons in the following list might not be applicable to this
  7530  //   specific API or operation.
  7531  //
  7532  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  7533  //      the same entity.
  7534  //
  7535  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  7536  //      can't be modified.
  7537  //
  7538  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  7539  //
  7540  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  7541  //      for the invited account owner.
  7542  //
  7543  //      * INVALID_ENUM: You specified an invalid value.
  7544  //
  7545  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  7546  //
  7547  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  7548  //      characters.
  7549  //
  7550  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  7551  //      at least one invalid value.
  7552  //
  7553  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  7554  //      from the response to a previous call of the operation.
  7555  //
  7556  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  7557  //      organization, or email) as a party.
  7558  //
  7559  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  7560  //      pattern.
  7561  //
  7562  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  7563  //      match the required pattern.
  7564  //
  7565  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  7566  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  7567  //
  7568  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  7569  //      Name (ARN) for the organization.
  7570  //
  7571  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  7572  //
  7573  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  7574  //      tag. You can’t add, edit, or delete system tag keys because they're
  7575  //      reserved for AWS use. System tags don’t count against your tags per
  7576  //      resource limit.
  7577  //
  7578  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  7579  //      for the operation.
  7580  //
  7581  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  7582  //      than allowed.
  7583  //
  7584  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  7585  //      value than allowed.
  7586  //
  7587  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  7588  //      than allowed.
  7589  //
  7590  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  7591  //      value than allowed.
  7592  //
  7593  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  7594  //      between entities in the same root.
  7595  //
  7596  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  7597  //      target entity.
  7598  //
  7599  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  7600  //      isn't recognized.
  7601  //
  7602  //   * FinalizingOrganizationException
  7603  //   AWS Organizations couldn't perform the operation because your organization
  7604  //   hasn't finished initializing. This can take up to an hour. Try again later.
  7605  //   If after one hour you continue to receive this error, contact AWS Support
  7606  //   (https://console.aws.amazon.com/support/home#/).
  7607  //
  7608  //   * ServiceException
  7609  //   AWS Organizations can't complete your request because of an internal service
  7610  //   error. Try again later.
  7611  //
  7612  //   * TooManyRequestsException
  7613  //   You have sent too many requests in too short a period of time. The quota
  7614  //   helps protect against denial-of-service attacks. Try again later.
  7615  //
  7616  //   For information about quotas that affect AWS Organizations, see Quotas for
  7617  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  7618  //   the AWS Organizations User Guide.
  7619  //
  7620  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/InviteAccountToOrganization
  7621  func (c *Organizations) InviteAccountToOrganization(input *InviteAccountToOrganizationInput) (*InviteAccountToOrganizationOutput, error) {
  7622  	req, out := c.InviteAccountToOrganizationRequest(input)
  7623  	return out, req.Send()
  7624  }
  7625  
  7626  // InviteAccountToOrganizationWithContext is the same as InviteAccountToOrganization with the addition of
  7627  // the ability to pass a context and additional request options.
  7628  //
  7629  // See InviteAccountToOrganization for details on how to use this API operation.
  7630  //
  7631  // The context must be non-nil and will be used for request cancellation. If
  7632  // the context is nil a panic will occur. In the future the SDK may create
  7633  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  7634  // for more information on using Contexts.
  7635  func (c *Organizations) InviteAccountToOrganizationWithContext(ctx aws.Context, input *InviteAccountToOrganizationInput, opts ...request.Option) (*InviteAccountToOrganizationOutput, error) {
  7636  	req, out := c.InviteAccountToOrganizationRequest(input)
  7637  	req.SetContext(ctx)
  7638  	req.ApplyOptions(opts...)
  7639  	return out, req.Send()
  7640  }
  7641  
  7642  const opLeaveOrganization = "LeaveOrganization"
  7643  
  7644  // LeaveOrganizationRequest generates a "aws/request.Request" representing the
  7645  // client's request for the LeaveOrganization operation. The "output" return
  7646  // value will be populated with the request's response once the request completes
  7647  // successfully.
  7648  //
  7649  // Use "Send" method on the returned Request to send the API call to the service.
  7650  // the "output" return value is not valid until after Send returns without error.
  7651  //
  7652  // See LeaveOrganization for more information on using the LeaveOrganization
  7653  // API call, and error handling.
  7654  //
  7655  // This method is useful when you want to inject custom logic or configuration
  7656  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  7657  //
  7658  //
  7659  //    // Example sending a request using the LeaveOrganizationRequest method.
  7660  //    req, resp := client.LeaveOrganizationRequest(params)
  7661  //
  7662  //    err := req.Send()
  7663  //    if err == nil { // resp is now filled
  7664  //        fmt.Println(resp)
  7665  //    }
  7666  //
  7667  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
  7668  func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) (req *request.Request, output *LeaveOrganizationOutput) {
  7669  	op := &request.Operation{
  7670  		Name:       opLeaveOrganization,
  7671  		HTTPMethod: "POST",
  7672  		HTTPPath:   "/",
  7673  	}
  7674  
  7675  	if input == nil {
  7676  		input = &LeaveOrganizationInput{}
  7677  	}
  7678  
  7679  	output = &LeaveOrganizationOutput{}
  7680  	req = c.newRequest(op, input, output)
  7681  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
  7682  	return
  7683  }
  7684  
  7685  // LeaveOrganization API operation for AWS Organizations.
  7686  //
  7687  // Removes a member account from its parent organization. This version of the
  7688  // operation is performed by the account that wants to leave. To remove a member
  7689  // account as a user in the management account, use RemoveAccountFromOrganization
  7690  // instead.
  7691  //
  7692  // This operation can be called only from a member account in the organization.
  7693  //
  7694  //    * The management account in an organization with all features enabled
  7695  //    can set service control policies (SCPs) that can restrict what administrators
  7696  //    of member accounts can do. This includes preventing them from successfully
  7697  //    calling LeaveOrganization and leaving the organization.
  7698  //
  7699  //    * You can leave an organization as a member account only if the account
  7700  //    is configured with the information required to operate as a standalone
  7701  //    account. When you create an account in an organization using the AWS Organizations
  7702  //    console, API, or CLI commands, the information required of standalone
  7703  //    accounts is not automatically collected. For each account that you want
  7704  //    to make standalone, you must perform the following steps. If any of the
  7705  //    steps are already completed for this account, that step doesn't appear.
  7706  //    Choose a support plan Provide and verify the required contact information
  7707  //    Provide a current payment method AWS uses the payment method to charge
  7708  //    for any billable (not free tier) AWS activity that occurs while the account
  7709  //    isn't attached to an organization. Follow the steps at To leave an organization
  7710  //    when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  7711  //    in the AWS Organizations User Guide.
  7712  //
  7713  //    * The account that you want to leave must not be a delegated administrator
  7714  //    account for any AWS service enabled for your organization. If the account
  7715  //    is a delegated administrator, you must first change the delegated administrator
  7716  //    account to another account that is remaining in the organization.
  7717  //
  7718  //    * You can leave an organization only after you enable IAM user access
  7719  //    to billing in your account. For more information, see Activating Access
  7720  //    to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
  7721  //    in the AWS Billing and Cost Management User Guide.
  7722  //
  7723  //    * After the account leaves the organization, all tags that were attached
  7724  //    to the account object in the organization are deleted. AWS accounts outside
  7725  //    of an organization do not support tags.
  7726  //
  7727  //    * A newly created account has a waiting period before it can be removed
  7728  //    from its organization. If you get an error that indicates that a wait
  7729  //    period is required, then try again in a few days.
  7730  //
  7731  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  7732  // with awserr.Error's Code and Message methods to get detailed information about
  7733  // the error.
  7734  //
  7735  // See the AWS API reference guide for AWS Organizations's
  7736  // API operation LeaveOrganization for usage and error information.
  7737  //
  7738  // Returned Error Types:
  7739  //   * AccessDeniedException
  7740  //   You don't have permissions to perform the requested operation. The user or
  7741  //   role that is making the request must have at least one IAM permissions policy
  7742  //   attached that grants the required permissions. For more information, see
  7743  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  7744  //   in the IAM User Guide.
  7745  //
  7746  //   * AccountNotFoundException
  7747  //   We can't find an AWS account with the AccountId that you specified, or the
  7748  //   account whose credentials you used to make this request isn't a member of
  7749  //   an organization.
  7750  //
  7751  //   * AWSOrganizationsNotInUseException
  7752  //   Your account isn't a member of an organization. To make this request, you
  7753  //   must use the credentials of an account that belongs to an organization.
  7754  //
  7755  //   * ConcurrentModificationException
  7756  //   The target of the operation is currently being modified by a different request.
  7757  //   Try again later.
  7758  //
  7759  //   * ConstraintViolationException
  7760  //   Performing this operation violates a minimum or maximum value limit. For
  7761  //   example, attempting to remove the last service control policy (SCP) from
  7762  //   an OU or root, inviting or creating too many accounts to the organization,
  7763  //   or attaching too many policies to an account, OU, or root. This exception
  7764  //   includes a reason that contains additional information about the violated
  7765  //   limit:
  7766  //
  7767  //   Some of the reasons in the following list might not be applicable to this
  7768  //   specific API or operation.
  7769  //
  7770  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  7771  //      account from the organization. You can't remove the management account.
  7772  //      Instead, after you remove all member accounts, delete the organization
  7773  //      itself.
  7774  //
  7775  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  7776  //      from the organization that doesn't yet have enough information to exist
  7777  //      as a standalone account. This account requires you to first agree to the
  7778  //      AWS Customer Agreement. Follow the steps at Removing a member account
  7779  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  7780  //      the AWS Organizations User Guide.
  7781  //
  7782  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  7783  //      an account from the organization that doesn't yet have enough information
  7784  //      to exist as a standalone account. This account requires you to first complete
  7785  //      phone verification. Follow the steps at Removing a member account from
  7786  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  7787  //      in the AWS Organizations User Guide.
  7788  //
  7789  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  7790  //      of accounts that you can create in one day.
  7791  //
  7792  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  7793  //      the number of accounts in an organization. If you need more accounts,
  7794  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  7795  //      request an increase in your limit. Or the number of invitations that you
  7796  //      tried to send would cause you to exceed the limit of accounts in your
  7797  //      organization. Send fewer invitations or contact AWS Support to request
  7798  //      an increase in the number of accounts. Deleted and closed accounts still
  7799  //      count toward your limit. If you get this exception when running a command
  7800  //      immediately after creating the organization, wait one hour and try again.
  7801  //      After an hour, if the command continues to fail with this error, contact
  7802  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  7803  //
  7804  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  7805  //      register the management account of the organization as a delegated administrator
  7806  //      for an AWS service integrated with Organizations. You can designate only
  7807  //      a member account as a delegated administrator.
  7808  //
  7809  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  7810  //      an account that is registered as a delegated administrator for a service
  7811  //      integrated with your organization. To complete this operation, you must
  7812  //      first deregister this account as a delegated administrator.
  7813  //
  7814  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  7815  //      organization in the specified region, you must enable all features mode.
  7816  //
  7817  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  7818  //      an AWS account as a delegated administrator for an AWS service that already
  7819  //      has a delegated administrator. To complete this operation, you must first
  7820  //      deregister any existing delegated administrators for this service.
  7821  //
  7822  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  7823  //      valid for a limited period of time. You must resubmit the request and
  7824  //      generate a new verfication code.
  7825  //
  7826  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  7827  //      handshakes that you can send in one day.
  7828  //
  7829  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  7830  //      in this organization, you first must migrate the organization's management
  7831  //      account to the marketplace that corresponds to the management account's
  7832  //      address. For example, accounts with India addresses must be associated
  7833  //      with the AISPL marketplace. All accounts in an organization must be associated
  7834  //      with the same marketplace.
  7835  //
  7836  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  7837  //      in China. To create an organization, the master must have a valid business
  7838  //      license. For more information, contact customer support.
  7839  //
  7840  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  7841  //      must first provide a valid contact address and phone number for the management
  7842  //      account. Then try the operation again.
  7843  //
  7844  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  7845  //      management account must have an associated account in the AWS GovCloud
  7846  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  7847  //      in the AWS GovCloud User Guide.
  7848  //
  7849  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  7850  //      with this management account, you first must associate a valid payment
  7851  //      instrument, such as a credit card, with the account. Follow the steps
  7852  //      at To leave an organization when all required account information has
  7853  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  7854  //      in the AWS Organizations User Guide.
  7855  //
  7856  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  7857  //      to register more delegated administrators than allowed for the service
  7858  //      principal.
  7859  //
  7860  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  7861  //      number of policies of a certain type that can be attached to an entity
  7862  //      at one time.
  7863  //
  7864  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  7865  //      on this resource.
  7866  //
  7867  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  7868  //      with this member account, you first must associate a valid payment instrument,
  7869  //      such as a credit card, with the account. Follow the steps at To leave
  7870  //      an organization when all required account information has not yet been
  7871  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  7872  //      in the AWS Organizations User Guide.
  7873  //
  7874  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  7875  //      policy from an entity that would cause the entity to have fewer than the
  7876  //      minimum number of policies of a certain type required.
  7877  //
  7878  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  7879  //      that requires the organization to be configured to support all features.
  7880  //      An organization that supports only consolidated billing features can't
  7881  //      perform this operation.
  7882  //
  7883  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  7884  //      too many levels deep.
  7885  //
  7886  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  7887  //      that you can have in an organization.
  7888  //
  7889  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  7890  //      is larger than the maximum size.
  7891  //
  7892  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  7893  //      policies that you can have in an organization.
  7894  //
  7895  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  7896  //      tags that are not compliant with the tag policy requirements for this
  7897  //      account.
  7898  //
  7899  //   * InvalidInputException
  7900  //   The requested operation failed because you provided invalid values for one
  7901  //   or more of the request parameters. This exception includes a reason that
  7902  //   contains additional information about the violated limit:
  7903  //
  7904  //   Some of the reasons in the following list might not be applicable to this
  7905  //   specific API or operation.
  7906  //
  7907  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  7908  //      the same entity.
  7909  //
  7910  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  7911  //      can't be modified.
  7912  //
  7913  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  7914  //
  7915  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  7916  //      for the invited account owner.
  7917  //
  7918  //      * INVALID_ENUM: You specified an invalid value.
  7919  //
  7920  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  7921  //
  7922  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  7923  //      characters.
  7924  //
  7925  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  7926  //      at least one invalid value.
  7927  //
  7928  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  7929  //      from the response to a previous call of the operation.
  7930  //
  7931  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  7932  //      organization, or email) as a party.
  7933  //
  7934  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  7935  //      pattern.
  7936  //
  7937  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  7938  //      match the required pattern.
  7939  //
  7940  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  7941  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  7942  //
  7943  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  7944  //      Name (ARN) for the organization.
  7945  //
  7946  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  7947  //
  7948  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  7949  //      tag. You can’t add, edit, or delete system tag keys because they're
  7950  //      reserved for AWS use. System tags don’t count against your tags per
  7951  //      resource limit.
  7952  //
  7953  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  7954  //      for the operation.
  7955  //
  7956  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  7957  //      than allowed.
  7958  //
  7959  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  7960  //      value than allowed.
  7961  //
  7962  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  7963  //      than allowed.
  7964  //
  7965  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  7966  //      value than allowed.
  7967  //
  7968  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  7969  //      between entities in the same root.
  7970  //
  7971  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  7972  //      target entity.
  7973  //
  7974  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  7975  //      isn't recognized.
  7976  //
  7977  //   * MasterCannotLeaveOrganizationException
  7978  //   You can't remove a management account from an organization. If you want the
  7979  //   management account to become a member account in another organization, you
  7980  //   must first delete the current organization of the management account.
  7981  //
  7982  //   * ServiceException
  7983  //   AWS Organizations can't complete your request because of an internal service
  7984  //   error. Try again later.
  7985  //
  7986  //   * TooManyRequestsException
  7987  //   You have sent too many requests in too short a period of time. The quota
  7988  //   helps protect against denial-of-service attacks. Try again later.
  7989  //
  7990  //   For information about quotas that affect AWS Organizations, see Quotas for
  7991  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  7992  //   the AWS Organizations User Guide.
  7993  //
  7994  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/LeaveOrganization
  7995  func (c *Organizations) LeaveOrganization(input *LeaveOrganizationInput) (*LeaveOrganizationOutput, error) {
  7996  	req, out := c.LeaveOrganizationRequest(input)
  7997  	return out, req.Send()
  7998  }
  7999  
  8000  // LeaveOrganizationWithContext is the same as LeaveOrganization with the addition of
  8001  // the ability to pass a context and additional request options.
  8002  //
  8003  // See LeaveOrganization for details on how to use this API operation.
  8004  //
  8005  // The context must be non-nil and will be used for request cancellation. If
  8006  // the context is nil a panic will occur. In the future the SDK may create
  8007  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  8008  // for more information on using Contexts.
  8009  func (c *Organizations) LeaveOrganizationWithContext(ctx aws.Context, input *LeaveOrganizationInput, opts ...request.Option) (*LeaveOrganizationOutput, error) {
  8010  	req, out := c.LeaveOrganizationRequest(input)
  8011  	req.SetContext(ctx)
  8012  	req.ApplyOptions(opts...)
  8013  	return out, req.Send()
  8014  }
  8015  
  8016  const opListAWSServiceAccessForOrganization = "ListAWSServiceAccessForOrganization"
  8017  
  8018  // ListAWSServiceAccessForOrganizationRequest generates a "aws/request.Request" representing the
  8019  // client's request for the ListAWSServiceAccessForOrganization operation. The "output" return
  8020  // value will be populated with the request's response once the request completes
  8021  // successfully.
  8022  //
  8023  // Use "Send" method on the returned Request to send the API call to the service.
  8024  // the "output" return value is not valid until after Send returns without error.
  8025  //
  8026  // See ListAWSServiceAccessForOrganization for more information on using the ListAWSServiceAccessForOrganization
  8027  // API call, and error handling.
  8028  //
  8029  // This method is useful when you want to inject custom logic or configuration
  8030  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  8031  //
  8032  //
  8033  //    // Example sending a request using the ListAWSServiceAccessForOrganizationRequest method.
  8034  //    req, resp := client.ListAWSServiceAccessForOrganizationRequest(params)
  8035  //
  8036  //    err := req.Send()
  8037  //    if err == nil { // resp is now filled
  8038  //        fmt.Println(resp)
  8039  //    }
  8040  //
  8041  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
  8042  func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAWSServiceAccessForOrganizationInput) (req *request.Request, output *ListAWSServiceAccessForOrganizationOutput) {
  8043  	op := &request.Operation{
  8044  		Name:       opListAWSServiceAccessForOrganization,
  8045  		HTTPMethod: "POST",
  8046  		HTTPPath:   "/",
  8047  		Paginator: &request.Paginator{
  8048  			InputTokens:     []string{"NextToken"},
  8049  			OutputTokens:    []string{"NextToken"},
  8050  			LimitToken:      "MaxResults",
  8051  			TruncationToken: "",
  8052  		},
  8053  	}
  8054  
  8055  	if input == nil {
  8056  		input = &ListAWSServiceAccessForOrganizationInput{}
  8057  	}
  8058  
  8059  	output = &ListAWSServiceAccessForOrganizationOutput{}
  8060  	req = c.newRequest(op, input, output)
  8061  	return
  8062  }
  8063  
  8064  // ListAWSServiceAccessForOrganization API operation for AWS Organizations.
  8065  //
  8066  // Returns a list of the AWS services that you enabled to integrate with your
  8067  // organization. After a service on this list creates the resources that it
  8068  // requires for the integration, it can perform operations on your organization
  8069  // and its accounts.
  8070  //
  8071  // For more information about integrating other services with AWS Organizations,
  8072  // including the list of services that currently work with Organizations, see
  8073  // Integrating AWS Organizations with Other AWS Services (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html)
  8074  // in the AWS Organizations User Guide.
  8075  //
  8076  // This operation can be called only from the organization's management account
  8077  // or by a member account that is a delegated administrator for an AWS service.
  8078  //
  8079  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  8080  // with awserr.Error's Code and Message methods to get detailed information about
  8081  // the error.
  8082  //
  8083  // See the AWS API reference guide for AWS Organizations's
  8084  // API operation ListAWSServiceAccessForOrganization for usage and error information.
  8085  //
  8086  // Returned Error Types:
  8087  //   * AccessDeniedException
  8088  //   You don't have permissions to perform the requested operation. The user or
  8089  //   role that is making the request must have at least one IAM permissions policy
  8090  //   attached that grants the required permissions. For more information, see
  8091  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  8092  //   in the IAM User Guide.
  8093  //
  8094  //   * AWSOrganizationsNotInUseException
  8095  //   Your account isn't a member of an organization. To make this request, you
  8096  //   must use the credentials of an account that belongs to an organization.
  8097  //
  8098  //   * ConstraintViolationException
  8099  //   Performing this operation violates a minimum or maximum value limit. For
  8100  //   example, attempting to remove the last service control policy (SCP) from
  8101  //   an OU or root, inviting or creating too many accounts to the organization,
  8102  //   or attaching too many policies to an account, OU, or root. This exception
  8103  //   includes a reason that contains additional information about the violated
  8104  //   limit:
  8105  //
  8106  //   Some of the reasons in the following list might not be applicable to this
  8107  //   specific API or operation.
  8108  //
  8109  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  8110  //      account from the organization. You can't remove the management account.
  8111  //      Instead, after you remove all member accounts, delete the organization
  8112  //      itself.
  8113  //
  8114  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  8115  //      from the organization that doesn't yet have enough information to exist
  8116  //      as a standalone account. This account requires you to first agree to the
  8117  //      AWS Customer Agreement. Follow the steps at Removing a member account
  8118  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  8119  //      the AWS Organizations User Guide.
  8120  //
  8121  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  8122  //      an account from the organization that doesn't yet have enough information
  8123  //      to exist as a standalone account. This account requires you to first complete
  8124  //      phone verification. Follow the steps at Removing a member account from
  8125  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  8126  //      in the AWS Organizations User Guide.
  8127  //
  8128  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  8129  //      of accounts that you can create in one day.
  8130  //
  8131  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  8132  //      the number of accounts in an organization. If you need more accounts,
  8133  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  8134  //      request an increase in your limit. Or the number of invitations that you
  8135  //      tried to send would cause you to exceed the limit of accounts in your
  8136  //      organization. Send fewer invitations or contact AWS Support to request
  8137  //      an increase in the number of accounts. Deleted and closed accounts still
  8138  //      count toward your limit. If you get this exception when running a command
  8139  //      immediately after creating the organization, wait one hour and try again.
  8140  //      After an hour, if the command continues to fail with this error, contact
  8141  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  8142  //
  8143  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  8144  //      register the management account of the organization as a delegated administrator
  8145  //      for an AWS service integrated with Organizations. You can designate only
  8146  //      a member account as a delegated administrator.
  8147  //
  8148  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  8149  //      an account that is registered as a delegated administrator for a service
  8150  //      integrated with your organization. To complete this operation, you must
  8151  //      first deregister this account as a delegated administrator.
  8152  //
  8153  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  8154  //      organization in the specified region, you must enable all features mode.
  8155  //
  8156  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  8157  //      an AWS account as a delegated administrator for an AWS service that already
  8158  //      has a delegated administrator. To complete this operation, you must first
  8159  //      deregister any existing delegated administrators for this service.
  8160  //
  8161  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  8162  //      valid for a limited period of time. You must resubmit the request and
  8163  //      generate a new verfication code.
  8164  //
  8165  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  8166  //      handshakes that you can send in one day.
  8167  //
  8168  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  8169  //      in this organization, you first must migrate the organization's management
  8170  //      account to the marketplace that corresponds to the management account's
  8171  //      address. For example, accounts with India addresses must be associated
  8172  //      with the AISPL marketplace. All accounts in an organization must be associated
  8173  //      with the same marketplace.
  8174  //
  8175  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  8176  //      in China. To create an organization, the master must have a valid business
  8177  //      license. For more information, contact customer support.
  8178  //
  8179  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  8180  //      must first provide a valid contact address and phone number for the management
  8181  //      account. Then try the operation again.
  8182  //
  8183  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  8184  //      management account must have an associated account in the AWS GovCloud
  8185  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  8186  //      in the AWS GovCloud User Guide.
  8187  //
  8188  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  8189  //      with this management account, you first must associate a valid payment
  8190  //      instrument, such as a credit card, with the account. Follow the steps
  8191  //      at To leave an organization when all required account information has
  8192  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  8193  //      in the AWS Organizations User Guide.
  8194  //
  8195  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  8196  //      to register more delegated administrators than allowed for the service
  8197  //      principal.
  8198  //
  8199  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  8200  //      number of policies of a certain type that can be attached to an entity
  8201  //      at one time.
  8202  //
  8203  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  8204  //      on this resource.
  8205  //
  8206  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  8207  //      with this member account, you first must associate a valid payment instrument,
  8208  //      such as a credit card, with the account. Follow the steps at To leave
  8209  //      an organization when all required account information has not yet been
  8210  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  8211  //      in the AWS Organizations User Guide.
  8212  //
  8213  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  8214  //      policy from an entity that would cause the entity to have fewer than the
  8215  //      minimum number of policies of a certain type required.
  8216  //
  8217  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  8218  //      that requires the organization to be configured to support all features.
  8219  //      An organization that supports only consolidated billing features can't
  8220  //      perform this operation.
  8221  //
  8222  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  8223  //      too many levels deep.
  8224  //
  8225  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  8226  //      that you can have in an organization.
  8227  //
  8228  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  8229  //      is larger than the maximum size.
  8230  //
  8231  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  8232  //      policies that you can have in an organization.
  8233  //
  8234  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  8235  //      tags that are not compliant with the tag policy requirements for this
  8236  //      account.
  8237  //
  8238  //   * InvalidInputException
  8239  //   The requested operation failed because you provided invalid values for one
  8240  //   or more of the request parameters. This exception includes a reason that
  8241  //   contains additional information about the violated limit:
  8242  //
  8243  //   Some of the reasons in the following list might not be applicable to this
  8244  //   specific API or operation.
  8245  //
  8246  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  8247  //      the same entity.
  8248  //
  8249  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  8250  //      can't be modified.
  8251  //
  8252  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  8253  //
  8254  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  8255  //      for the invited account owner.
  8256  //
  8257  //      * INVALID_ENUM: You specified an invalid value.
  8258  //
  8259  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  8260  //
  8261  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  8262  //      characters.
  8263  //
  8264  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  8265  //      at least one invalid value.
  8266  //
  8267  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  8268  //      from the response to a previous call of the operation.
  8269  //
  8270  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  8271  //      organization, or email) as a party.
  8272  //
  8273  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  8274  //      pattern.
  8275  //
  8276  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  8277  //      match the required pattern.
  8278  //
  8279  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  8280  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  8281  //
  8282  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  8283  //      Name (ARN) for the organization.
  8284  //
  8285  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  8286  //
  8287  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  8288  //      tag. You can’t add, edit, or delete system tag keys because they're
  8289  //      reserved for AWS use. System tags don’t count against your tags per
  8290  //      resource limit.
  8291  //
  8292  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  8293  //      for the operation.
  8294  //
  8295  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  8296  //      than allowed.
  8297  //
  8298  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  8299  //      value than allowed.
  8300  //
  8301  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  8302  //      than allowed.
  8303  //
  8304  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  8305  //      value than allowed.
  8306  //
  8307  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  8308  //      between entities in the same root.
  8309  //
  8310  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  8311  //      target entity.
  8312  //
  8313  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  8314  //      isn't recognized.
  8315  //
  8316  //   * ServiceException
  8317  //   AWS Organizations can't complete your request because of an internal service
  8318  //   error. Try again later.
  8319  //
  8320  //   * TooManyRequestsException
  8321  //   You have sent too many requests in too short a period of time. The quota
  8322  //   helps protect against denial-of-service attacks. Try again later.
  8323  //
  8324  //   For information about quotas that affect AWS Organizations, see Quotas for
  8325  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  8326  //   the AWS Organizations User Guide.
  8327  //
  8328  //   * UnsupportedAPIEndpointException
  8329  //   This action isn't available in the current AWS Region.
  8330  //
  8331  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAWSServiceAccessForOrganization
  8332  func (c *Organizations) ListAWSServiceAccessForOrganization(input *ListAWSServiceAccessForOrganizationInput) (*ListAWSServiceAccessForOrganizationOutput, error) {
  8333  	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
  8334  	return out, req.Send()
  8335  }
  8336  
  8337  // ListAWSServiceAccessForOrganizationWithContext is the same as ListAWSServiceAccessForOrganization with the addition of
  8338  // the ability to pass a context and additional request options.
  8339  //
  8340  // See ListAWSServiceAccessForOrganization for details on how to use this API operation.
  8341  //
  8342  // The context must be non-nil and will be used for request cancellation. If
  8343  // the context is nil a panic will occur. In the future the SDK may create
  8344  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  8345  // for more information on using Contexts.
  8346  func (c *Organizations) ListAWSServiceAccessForOrganizationWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, opts ...request.Option) (*ListAWSServiceAccessForOrganizationOutput, error) {
  8347  	req, out := c.ListAWSServiceAccessForOrganizationRequest(input)
  8348  	req.SetContext(ctx)
  8349  	req.ApplyOptions(opts...)
  8350  	return out, req.Send()
  8351  }
  8352  
  8353  // ListAWSServiceAccessForOrganizationPages iterates over the pages of a ListAWSServiceAccessForOrganization operation,
  8354  // calling the "fn" function with the response data for each page. To stop
  8355  // iterating, return false from the fn function.
  8356  //
  8357  // See ListAWSServiceAccessForOrganization method for more information on how to use this operation.
  8358  //
  8359  // Note: This operation can generate multiple requests to a service.
  8360  //
  8361  //    // Example iterating over at most 3 pages of a ListAWSServiceAccessForOrganization operation.
  8362  //    pageNum := 0
  8363  //    err := client.ListAWSServiceAccessForOrganizationPages(params,
  8364  //        func(page *organizations.ListAWSServiceAccessForOrganizationOutput, lastPage bool) bool {
  8365  //            pageNum++
  8366  //            fmt.Println(page)
  8367  //            return pageNum <= 3
  8368  //        })
  8369  //
  8370  func (c *Organizations) ListAWSServiceAccessForOrganizationPages(input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool) error {
  8371  	return c.ListAWSServiceAccessForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
  8372  }
  8373  
  8374  // ListAWSServiceAccessForOrganizationPagesWithContext same as ListAWSServiceAccessForOrganizationPages except
  8375  // it takes a Context and allows setting request options on the pages.
  8376  //
  8377  // The context must be non-nil and will be used for request cancellation. If
  8378  // the context is nil a panic will occur. In the future the SDK may create
  8379  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  8380  // for more information on using Contexts.
  8381  func (c *Organizations) ListAWSServiceAccessForOrganizationPagesWithContext(ctx aws.Context, input *ListAWSServiceAccessForOrganizationInput, fn func(*ListAWSServiceAccessForOrganizationOutput, bool) bool, opts ...request.Option) error {
  8382  	p := request.Pagination{
  8383  		NewRequest: func() (*request.Request, error) {
  8384  			var inCpy *ListAWSServiceAccessForOrganizationInput
  8385  			if input != nil {
  8386  				tmp := *input
  8387  				inCpy = &tmp
  8388  			}
  8389  			req, _ := c.ListAWSServiceAccessForOrganizationRequest(inCpy)
  8390  			req.SetContext(ctx)
  8391  			req.ApplyOptions(opts...)
  8392  			return req, nil
  8393  		},
  8394  	}
  8395  
  8396  	for p.Next() {
  8397  		if !fn(p.Page().(*ListAWSServiceAccessForOrganizationOutput), !p.HasNextPage()) {
  8398  			break
  8399  		}
  8400  	}
  8401  
  8402  	return p.Err()
  8403  }
  8404  
  8405  const opListAccounts = "ListAccounts"
  8406  
  8407  // ListAccountsRequest generates a "aws/request.Request" representing the
  8408  // client's request for the ListAccounts operation. The "output" return
  8409  // value will be populated with the request's response once the request completes
  8410  // successfully.
  8411  //
  8412  // Use "Send" method on the returned Request to send the API call to the service.
  8413  // the "output" return value is not valid until after Send returns without error.
  8414  //
  8415  // See ListAccounts for more information on using the ListAccounts
  8416  // API call, and error handling.
  8417  //
  8418  // This method is useful when you want to inject custom logic or configuration
  8419  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  8420  //
  8421  //
  8422  //    // Example sending a request using the ListAccountsRequest method.
  8423  //    req, resp := client.ListAccountsRequest(params)
  8424  //
  8425  //    err := req.Send()
  8426  //    if err == nil { // resp is now filled
  8427  //        fmt.Println(resp)
  8428  //    }
  8429  //
  8430  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
  8431  func (c *Organizations) ListAccountsRequest(input *ListAccountsInput) (req *request.Request, output *ListAccountsOutput) {
  8432  	op := &request.Operation{
  8433  		Name:       opListAccounts,
  8434  		HTTPMethod: "POST",
  8435  		HTTPPath:   "/",
  8436  		Paginator: &request.Paginator{
  8437  			InputTokens:     []string{"NextToken"},
  8438  			OutputTokens:    []string{"NextToken"},
  8439  			LimitToken:      "MaxResults",
  8440  			TruncationToken: "",
  8441  		},
  8442  	}
  8443  
  8444  	if input == nil {
  8445  		input = &ListAccountsInput{}
  8446  	}
  8447  
  8448  	output = &ListAccountsOutput{}
  8449  	req = c.newRequest(op, input, output)
  8450  	return
  8451  }
  8452  
  8453  // ListAccounts API operation for AWS Organizations.
  8454  //
  8455  // Lists all the accounts in the organization. To request only the accounts
  8456  // in a specified root or organizational unit (OU), use the ListAccountsForParent
  8457  // operation instead.
  8458  //
  8459  // Always check the NextToken response parameter for a null value when calling
  8460  // a List* operation. These operations can occasionally return an empty set
  8461  // of results even when there are more results available. The NextToken response
  8462  // parameter value is null only when there are no more results to display.
  8463  //
  8464  // This operation can be called only from the organization's management account
  8465  // or by a member account that is a delegated administrator for an AWS service.
  8466  //
  8467  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  8468  // with awserr.Error's Code and Message methods to get detailed information about
  8469  // the error.
  8470  //
  8471  // See the AWS API reference guide for AWS Organizations's
  8472  // API operation ListAccounts for usage and error information.
  8473  //
  8474  // Returned Error Types:
  8475  //   * AccessDeniedException
  8476  //   You don't have permissions to perform the requested operation. The user or
  8477  //   role that is making the request must have at least one IAM permissions policy
  8478  //   attached that grants the required permissions. For more information, see
  8479  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  8480  //   in the IAM User Guide.
  8481  //
  8482  //   * AWSOrganizationsNotInUseException
  8483  //   Your account isn't a member of an organization. To make this request, you
  8484  //   must use the credentials of an account that belongs to an organization.
  8485  //
  8486  //   * InvalidInputException
  8487  //   The requested operation failed because you provided invalid values for one
  8488  //   or more of the request parameters. This exception includes a reason that
  8489  //   contains additional information about the violated limit:
  8490  //
  8491  //   Some of the reasons in the following list might not be applicable to this
  8492  //   specific API or operation.
  8493  //
  8494  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  8495  //      the same entity.
  8496  //
  8497  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  8498  //      can't be modified.
  8499  //
  8500  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  8501  //
  8502  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  8503  //      for the invited account owner.
  8504  //
  8505  //      * INVALID_ENUM: You specified an invalid value.
  8506  //
  8507  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  8508  //
  8509  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  8510  //      characters.
  8511  //
  8512  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  8513  //      at least one invalid value.
  8514  //
  8515  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  8516  //      from the response to a previous call of the operation.
  8517  //
  8518  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  8519  //      organization, or email) as a party.
  8520  //
  8521  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  8522  //      pattern.
  8523  //
  8524  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  8525  //      match the required pattern.
  8526  //
  8527  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  8528  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  8529  //
  8530  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  8531  //      Name (ARN) for the organization.
  8532  //
  8533  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  8534  //
  8535  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  8536  //      tag. You can’t add, edit, or delete system tag keys because they're
  8537  //      reserved for AWS use. System tags don’t count against your tags per
  8538  //      resource limit.
  8539  //
  8540  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  8541  //      for the operation.
  8542  //
  8543  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  8544  //      than allowed.
  8545  //
  8546  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  8547  //      value than allowed.
  8548  //
  8549  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  8550  //      than allowed.
  8551  //
  8552  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  8553  //      value than allowed.
  8554  //
  8555  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  8556  //      between entities in the same root.
  8557  //
  8558  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  8559  //      target entity.
  8560  //
  8561  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  8562  //      isn't recognized.
  8563  //
  8564  //   * ServiceException
  8565  //   AWS Organizations can't complete your request because of an internal service
  8566  //   error. Try again later.
  8567  //
  8568  //   * TooManyRequestsException
  8569  //   You have sent too many requests in too short a period of time. The quota
  8570  //   helps protect against denial-of-service attacks. Try again later.
  8571  //
  8572  //   For information about quotas that affect AWS Organizations, see Quotas for
  8573  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  8574  //   the AWS Organizations User Guide.
  8575  //
  8576  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccounts
  8577  func (c *Organizations) ListAccounts(input *ListAccountsInput) (*ListAccountsOutput, error) {
  8578  	req, out := c.ListAccountsRequest(input)
  8579  	return out, req.Send()
  8580  }
  8581  
  8582  // ListAccountsWithContext is the same as ListAccounts with the addition of
  8583  // the ability to pass a context and additional request options.
  8584  //
  8585  // See ListAccounts for details on how to use this API operation.
  8586  //
  8587  // The context must be non-nil and will be used for request cancellation. If
  8588  // the context is nil a panic will occur. In the future the SDK may create
  8589  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  8590  // for more information on using Contexts.
  8591  func (c *Organizations) ListAccountsWithContext(ctx aws.Context, input *ListAccountsInput, opts ...request.Option) (*ListAccountsOutput, error) {
  8592  	req, out := c.ListAccountsRequest(input)
  8593  	req.SetContext(ctx)
  8594  	req.ApplyOptions(opts...)
  8595  	return out, req.Send()
  8596  }
  8597  
  8598  // ListAccountsPages iterates over the pages of a ListAccounts operation,
  8599  // calling the "fn" function with the response data for each page. To stop
  8600  // iterating, return false from the fn function.
  8601  //
  8602  // See ListAccounts method for more information on how to use this operation.
  8603  //
  8604  // Note: This operation can generate multiple requests to a service.
  8605  //
  8606  //    // Example iterating over at most 3 pages of a ListAccounts operation.
  8607  //    pageNum := 0
  8608  //    err := client.ListAccountsPages(params,
  8609  //        func(page *organizations.ListAccountsOutput, lastPage bool) bool {
  8610  //            pageNum++
  8611  //            fmt.Println(page)
  8612  //            return pageNum <= 3
  8613  //        })
  8614  //
  8615  func (c *Organizations) ListAccountsPages(input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool) error {
  8616  	return c.ListAccountsPagesWithContext(aws.BackgroundContext(), input, fn)
  8617  }
  8618  
  8619  // ListAccountsPagesWithContext same as ListAccountsPages except
  8620  // it takes a Context and allows setting request options on the pages.
  8621  //
  8622  // The context must be non-nil and will be used for request cancellation. If
  8623  // the context is nil a panic will occur. In the future the SDK may create
  8624  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  8625  // for more information on using Contexts.
  8626  func (c *Organizations) ListAccountsPagesWithContext(ctx aws.Context, input *ListAccountsInput, fn func(*ListAccountsOutput, bool) bool, opts ...request.Option) error {
  8627  	p := request.Pagination{
  8628  		NewRequest: func() (*request.Request, error) {
  8629  			var inCpy *ListAccountsInput
  8630  			if input != nil {
  8631  				tmp := *input
  8632  				inCpy = &tmp
  8633  			}
  8634  			req, _ := c.ListAccountsRequest(inCpy)
  8635  			req.SetContext(ctx)
  8636  			req.ApplyOptions(opts...)
  8637  			return req, nil
  8638  		},
  8639  	}
  8640  
  8641  	for p.Next() {
  8642  		if !fn(p.Page().(*ListAccountsOutput), !p.HasNextPage()) {
  8643  			break
  8644  		}
  8645  	}
  8646  
  8647  	return p.Err()
  8648  }
  8649  
  8650  const opListAccountsForParent = "ListAccountsForParent"
  8651  
  8652  // ListAccountsForParentRequest generates a "aws/request.Request" representing the
  8653  // client's request for the ListAccountsForParent operation. The "output" return
  8654  // value will be populated with the request's response once the request completes
  8655  // successfully.
  8656  //
  8657  // Use "Send" method on the returned Request to send the API call to the service.
  8658  // the "output" return value is not valid until after Send returns without error.
  8659  //
  8660  // See ListAccountsForParent for more information on using the ListAccountsForParent
  8661  // API call, and error handling.
  8662  //
  8663  // This method is useful when you want to inject custom logic or configuration
  8664  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  8665  //
  8666  //
  8667  //    // Example sending a request using the ListAccountsForParentRequest method.
  8668  //    req, resp := client.ListAccountsForParentRequest(params)
  8669  //
  8670  //    err := req.Send()
  8671  //    if err == nil { // resp is now filled
  8672  //        fmt.Println(resp)
  8673  //    }
  8674  //
  8675  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
  8676  func (c *Organizations) ListAccountsForParentRequest(input *ListAccountsForParentInput) (req *request.Request, output *ListAccountsForParentOutput) {
  8677  	op := &request.Operation{
  8678  		Name:       opListAccountsForParent,
  8679  		HTTPMethod: "POST",
  8680  		HTTPPath:   "/",
  8681  		Paginator: &request.Paginator{
  8682  			InputTokens:     []string{"NextToken"},
  8683  			OutputTokens:    []string{"NextToken"},
  8684  			LimitToken:      "MaxResults",
  8685  			TruncationToken: "",
  8686  		},
  8687  	}
  8688  
  8689  	if input == nil {
  8690  		input = &ListAccountsForParentInput{}
  8691  	}
  8692  
  8693  	output = &ListAccountsForParentOutput{}
  8694  	req = c.newRequest(op, input, output)
  8695  	return
  8696  }
  8697  
  8698  // ListAccountsForParent API operation for AWS Organizations.
  8699  //
  8700  // Lists the accounts in an organization that are contained by the specified
  8701  // target root or organizational unit (OU). If you specify the root, you get
  8702  // a list of all the accounts that aren't in any OU. If you specify an OU, you
  8703  // get a list of all the accounts in only that OU and not in any child OUs.
  8704  // To get a list of all accounts in the organization, use the ListAccounts operation.
  8705  //
  8706  // Always check the NextToken response parameter for a null value when calling
  8707  // a List* operation. These operations can occasionally return an empty set
  8708  // of results even when there are more results available. The NextToken response
  8709  // parameter value is null only when there are no more results to display.
  8710  //
  8711  // This operation can be called only from the organization's management account
  8712  // or by a member account that is a delegated administrator for an AWS service.
  8713  //
  8714  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  8715  // with awserr.Error's Code and Message methods to get detailed information about
  8716  // the error.
  8717  //
  8718  // See the AWS API reference guide for AWS Organizations's
  8719  // API operation ListAccountsForParent for usage and error information.
  8720  //
  8721  // Returned Error Types:
  8722  //   * AccessDeniedException
  8723  //   You don't have permissions to perform the requested operation. The user or
  8724  //   role that is making the request must have at least one IAM permissions policy
  8725  //   attached that grants the required permissions. For more information, see
  8726  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  8727  //   in the IAM User Guide.
  8728  //
  8729  //   * AWSOrganizationsNotInUseException
  8730  //   Your account isn't a member of an organization. To make this request, you
  8731  //   must use the credentials of an account that belongs to an organization.
  8732  //
  8733  //   * InvalidInputException
  8734  //   The requested operation failed because you provided invalid values for one
  8735  //   or more of the request parameters. This exception includes a reason that
  8736  //   contains additional information about the violated limit:
  8737  //
  8738  //   Some of the reasons in the following list might not be applicable to this
  8739  //   specific API or operation.
  8740  //
  8741  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  8742  //      the same entity.
  8743  //
  8744  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  8745  //      can't be modified.
  8746  //
  8747  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  8748  //
  8749  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  8750  //      for the invited account owner.
  8751  //
  8752  //      * INVALID_ENUM: You specified an invalid value.
  8753  //
  8754  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  8755  //
  8756  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  8757  //      characters.
  8758  //
  8759  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  8760  //      at least one invalid value.
  8761  //
  8762  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  8763  //      from the response to a previous call of the operation.
  8764  //
  8765  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  8766  //      organization, or email) as a party.
  8767  //
  8768  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  8769  //      pattern.
  8770  //
  8771  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  8772  //      match the required pattern.
  8773  //
  8774  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  8775  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  8776  //
  8777  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  8778  //      Name (ARN) for the organization.
  8779  //
  8780  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  8781  //
  8782  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  8783  //      tag. You can’t add, edit, or delete system tag keys because they're
  8784  //      reserved for AWS use. System tags don’t count against your tags per
  8785  //      resource limit.
  8786  //
  8787  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  8788  //      for the operation.
  8789  //
  8790  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  8791  //      than allowed.
  8792  //
  8793  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  8794  //      value than allowed.
  8795  //
  8796  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  8797  //      than allowed.
  8798  //
  8799  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  8800  //      value than allowed.
  8801  //
  8802  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  8803  //      between entities in the same root.
  8804  //
  8805  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  8806  //      target entity.
  8807  //
  8808  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  8809  //      isn't recognized.
  8810  //
  8811  //   * ParentNotFoundException
  8812  //   We can't find a root or OU with the ParentId that you specified.
  8813  //
  8814  //   * ServiceException
  8815  //   AWS Organizations can't complete your request because of an internal service
  8816  //   error. Try again later.
  8817  //
  8818  //   * TooManyRequestsException
  8819  //   You have sent too many requests in too short a period of time. The quota
  8820  //   helps protect against denial-of-service attacks. Try again later.
  8821  //
  8822  //   For information about quotas that affect AWS Organizations, see Quotas for
  8823  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  8824  //   the AWS Organizations User Guide.
  8825  //
  8826  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListAccountsForParent
  8827  func (c *Organizations) ListAccountsForParent(input *ListAccountsForParentInput) (*ListAccountsForParentOutput, error) {
  8828  	req, out := c.ListAccountsForParentRequest(input)
  8829  	return out, req.Send()
  8830  }
  8831  
  8832  // ListAccountsForParentWithContext is the same as ListAccountsForParent with the addition of
  8833  // the ability to pass a context and additional request options.
  8834  //
  8835  // See ListAccountsForParent for details on how to use this API operation.
  8836  //
  8837  // The context must be non-nil and will be used for request cancellation. If
  8838  // the context is nil a panic will occur. In the future the SDK may create
  8839  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  8840  // for more information on using Contexts.
  8841  func (c *Organizations) ListAccountsForParentWithContext(ctx aws.Context, input *ListAccountsForParentInput, opts ...request.Option) (*ListAccountsForParentOutput, error) {
  8842  	req, out := c.ListAccountsForParentRequest(input)
  8843  	req.SetContext(ctx)
  8844  	req.ApplyOptions(opts...)
  8845  	return out, req.Send()
  8846  }
  8847  
  8848  // ListAccountsForParentPages iterates over the pages of a ListAccountsForParent operation,
  8849  // calling the "fn" function with the response data for each page. To stop
  8850  // iterating, return false from the fn function.
  8851  //
  8852  // See ListAccountsForParent method for more information on how to use this operation.
  8853  //
  8854  // Note: This operation can generate multiple requests to a service.
  8855  //
  8856  //    // Example iterating over at most 3 pages of a ListAccountsForParent operation.
  8857  //    pageNum := 0
  8858  //    err := client.ListAccountsForParentPages(params,
  8859  //        func(page *organizations.ListAccountsForParentOutput, lastPage bool) bool {
  8860  //            pageNum++
  8861  //            fmt.Println(page)
  8862  //            return pageNum <= 3
  8863  //        })
  8864  //
  8865  func (c *Organizations) ListAccountsForParentPages(input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool) error {
  8866  	return c.ListAccountsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
  8867  }
  8868  
  8869  // ListAccountsForParentPagesWithContext same as ListAccountsForParentPages except
  8870  // it takes a Context and allows setting request options on the pages.
  8871  //
  8872  // The context must be non-nil and will be used for request cancellation. If
  8873  // the context is nil a panic will occur. In the future the SDK may create
  8874  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  8875  // for more information on using Contexts.
  8876  func (c *Organizations) ListAccountsForParentPagesWithContext(ctx aws.Context, input *ListAccountsForParentInput, fn func(*ListAccountsForParentOutput, bool) bool, opts ...request.Option) error {
  8877  	p := request.Pagination{
  8878  		NewRequest: func() (*request.Request, error) {
  8879  			var inCpy *ListAccountsForParentInput
  8880  			if input != nil {
  8881  				tmp := *input
  8882  				inCpy = &tmp
  8883  			}
  8884  			req, _ := c.ListAccountsForParentRequest(inCpy)
  8885  			req.SetContext(ctx)
  8886  			req.ApplyOptions(opts...)
  8887  			return req, nil
  8888  		},
  8889  	}
  8890  
  8891  	for p.Next() {
  8892  		if !fn(p.Page().(*ListAccountsForParentOutput), !p.HasNextPage()) {
  8893  			break
  8894  		}
  8895  	}
  8896  
  8897  	return p.Err()
  8898  }
  8899  
  8900  const opListChildren = "ListChildren"
  8901  
  8902  // ListChildrenRequest generates a "aws/request.Request" representing the
  8903  // client's request for the ListChildren operation. The "output" return
  8904  // value will be populated with the request's response once the request completes
  8905  // successfully.
  8906  //
  8907  // Use "Send" method on the returned Request to send the API call to the service.
  8908  // the "output" return value is not valid until after Send returns without error.
  8909  //
  8910  // See ListChildren for more information on using the ListChildren
  8911  // API call, and error handling.
  8912  //
  8913  // This method is useful when you want to inject custom logic or configuration
  8914  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  8915  //
  8916  //
  8917  //    // Example sending a request using the ListChildrenRequest method.
  8918  //    req, resp := client.ListChildrenRequest(params)
  8919  //
  8920  //    err := req.Send()
  8921  //    if err == nil { // resp is now filled
  8922  //        fmt.Println(resp)
  8923  //    }
  8924  //
  8925  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
  8926  func (c *Organizations) ListChildrenRequest(input *ListChildrenInput) (req *request.Request, output *ListChildrenOutput) {
  8927  	op := &request.Operation{
  8928  		Name:       opListChildren,
  8929  		HTTPMethod: "POST",
  8930  		HTTPPath:   "/",
  8931  		Paginator: &request.Paginator{
  8932  			InputTokens:     []string{"NextToken"},
  8933  			OutputTokens:    []string{"NextToken"},
  8934  			LimitToken:      "MaxResults",
  8935  			TruncationToken: "",
  8936  		},
  8937  	}
  8938  
  8939  	if input == nil {
  8940  		input = &ListChildrenInput{}
  8941  	}
  8942  
  8943  	output = &ListChildrenOutput{}
  8944  	req = c.newRequest(op, input, output)
  8945  	return
  8946  }
  8947  
  8948  // ListChildren API operation for AWS Organizations.
  8949  //
  8950  // Lists all of the organizational units (OUs) or accounts that are contained
  8951  // in the specified parent OU or root. This operation, along with ListParents
  8952  // enables you to traverse the tree structure that makes up this root.
  8953  //
  8954  // Always check the NextToken response parameter for a null value when calling
  8955  // a List* operation. These operations can occasionally return an empty set
  8956  // of results even when there are more results available. The NextToken response
  8957  // parameter value is null only when there are no more results to display.
  8958  //
  8959  // This operation can be called only from the organization's management account
  8960  // or by a member account that is a delegated administrator for an AWS service.
  8961  //
  8962  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  8963  // with awserr.Error's Code and Message methods to get detailed information about
  8964  // the error.
  8965  //
  8966  // See the AWS API reference guide for AWS Organizations's
  8967  // API operation ListChildren for usage and error information.
  8968  //
  8969  // Returned Error Types:
  8970  //   * AccessDeniedException
  8971  //   You don't have permissions to perform the requested operation. The user or
  8972  //   role that is making the request must have at least one IAM permissions policy
  8973  //   attached that grants the required permissions. For more information, see
  8974  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  8975  //   in the IAM User Guide.
  8976  //
  8977  //   * AWSOrganizationsNotInUseException
  8978  //   Your account isn't a member of an organization. To make this request, you
  8979  //   must use the credentials of an account that belongs to an organization.
  8980  //
  8981  //   * InvalidInputException
  8982  //   The requested operation failed because you provided invalid values for one
  8983  //   or more of the request parameters. This exception includes a reason that
  8984  //   contains additional information about the violated limit:
  8985  //
  8986  //   Some of the reasons in the following list might not be applicable to this
  8987  //   specific API or operation.
  8988  //
  8989  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  8990  //      the same entity.
  8991  //
  8992  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  8993  //      can't be modified.
  8994  //
  8995  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  8996  //
  8997  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  8998  //      for the invited account owner.
  8999  //
  9000  //      * INVALID_ENUM: You specified an invalid value.
  9001  //
  9002  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  9003  //
  9004  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  9005  //      characters.
  9006  //
  9007  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  9008  //      at least one invalid value.
  9009  //
  9010  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  9011  //      from the response to a previous call of the operation.
  9012  //
  9013  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  9014  //      organization, or email) as a party.
  9015  //
  9016  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  9017  //      pattern.
  9018  //
  9019  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  9020  //      match the required pattern.
  9021  //
  9022  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  9023  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  9024  //
  9025  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  9026  //      Name (ARN) for the organization.
  9027  //
  9028  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  9029  //
  9030  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  9031  //      tag. You can’t add, edit, or delete system tag keys because they're
  9032  //      reserved for AWS use. System tags don’t count against your tags per
  9033  //      resource limit.
  9034  //
  9035  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  9036  //      for the operation.
  9037  //
  9038  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  9039  //      than allowed.
  9040  //
  9041  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  9042  //      value than allowed.
  9043  //
  9044  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  9045  //      than allowed.
  9046  //
  9047  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  9048  //      value than allowed.
  9049  //
  9050  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  9051  //      between entities in the same root.
  9052  //
  9053  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  9054  //      target entity.
  9055  //
  9056  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  9057  //      isn't recognized.
  9058  //
  9059  //   * ParentNotFoundException
  9060  //   We can't find a root or OU with the ParentId that you specified.
  9061  //
  9062  //   * ServiceException
  9063  //   AWS Organizations can't complete your request because of an internal service
  9064  //   error. Try again later.
  9065  //
  9066  //   * TooManyRequestsException
  9067  //   You have sent too many requests in too short a period of time. The quota
  9068  //   helps protect against denial-of-service attacks. Try again later.
  9069  //
  9070  //   For information about quotas that affect AWS Organizations, see Quotas for
  9071  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  9072  //   the AWS Organizations User Guide.
  9073  //
  9074  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListChildren
  9075  func (c *Organizations) ListChildren(input *ListChildrenInput) (*ListChildrenOutput, error) {
  9076  	req, out := c.ListChildrenRequest(input)
  9077  	return out, req.Send()
  9078  }
  9079  
  9080  // ListChildrenWithContext is the same as ListChildren with the addition of
  9081  // the ability to pass a context and additional request options.
  9082  //
  9083  // See ListChildren for details on how to use this API operation.
  9084  //
  9085  // The context must be non-nil and will be used for request cancellation. If
  9086  // the context is nil a panic will occur. In the future the SDK may create
  9087  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  9088  // for more information on using Contexts.
  9089  func (c *Organizations) ListChildrenWithContext(ctx aws.Context, input *ListChildrenInput, opts ...request.Option) (*ListChildrenOutput, error) {
  9090  	req, out := c.ListChildrenRequest(input)
  9091  	req.SetContext(ctx)
  9092  	req.ApplyOptions(opts...)
  9093  	return out, req.Send()
  9094  }
  9095  
  9096  // ListChildrenPages iterates over the pages of a ListChildren operation,
  9097  // calling the "fn" function with the response data for each page. To stop
  9098  // iterating, return false from the fn function.
  9099  //
  9100  // See ListChildren method for more information on how to use this operation.
  9101  //
  9102  // Note: This operation can generate multiple requests to a service.
  9103  //
  9104  //    // Example iterating over at most 3 pages of a ListChildren operation.
  9105  //    pageNum := 0
  9106  //    err := client.ListChildrenPages(params,
  9107  //        func(page *organizations.ListChildrenOutput, lastPage bool) bool {
  9108  //            pageNum++
  9109  //            fmt.Println(page)
  9110  //            return pageNum <= 3
  9111  //        })
  9112  //
  9113  func (c *Organizations) ListChildrenPages(input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool) error {
  9114  	return c.ListChildrenPagesWithContext(aws.BackgroundContext(), input, fn)
  9115  }
  9116  
  9117  // ListChildrenPagesWithContext same as ListChildrenPages except
  9118  // it takes a Context and allows setting request options on the pages.
  9119  //
  9120  // The context must be non-nil and will be used for request cancellation. If
  9121  // the context is nil a panic will occur. In the future the SDK may create
  9122  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  9123  // for more information on using Contexts.
  9124  func (c *Organizations) ListChildrenPagesWithContext(ctx aws.Context, input *ListChildrenInput, fn func(*ListChildrenOutput, bool) bool, opts ...request.Option) error {
  9125  	p := request.Pagination{
  9126  		NewRequest: func() (*request.Request, error) {
  9127  			var inCpy *ListChildrenInput
  9128  			if input != nil {
  9129  				tmp := *input
  9130  				inCpy = &tmp
  9131  			}
  9132  			req, _ := c.ListChildrenRequest(inCpy)
  9133  			req.SetContext(ctx)
  9134  			req.ApplyOptions(opts...)
  9135  			return req, nil
  9136  		},
  9137  	}
  9138  
  9139  	for p.Next() {
  9140  		if !fn(p.Page().(*ListChildrenOutput), !p.HasNextPage()) {
  9141  			break
  9142  		}
  9143  	}
  9144  
  9145  	return p.Err()
  9146  }
  9147  
  9148  const opListCreateAccountStatus = "ListCreateAccountStatus"
  9149  
  9150  // ListCreateAccountStatusRequest generates a "aws/request.Request" representing the
  9151  // client's request for the ListCreateAccountStatus operation. The "output" return
  9152  // value will be populated with the request's response once the request completes
  9153  // successfully.
  9154  //
  9155  // Use "Send" method on the returned Request to send the API call to the service.
  9156  // the "output" return value is not valid until after Send returns without error.
  9157  //
  9158  // See ListCreateAccountStatus for more information on using the ListCreateAccountStatus
  9159  // API call, and error handling.
  9160  //
  9161  // This method is useful when you want to inject custom logic or configuration
  9162  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  9163  //
  9164  //
  9165  //    // Example sending a request using the ListCreateAccountStatusRequest method.
  9166  //    req, resp := client.ListCreateAccountStatusRequest(params)
  9167  //
  9168  //    err := req.Send()
  9169  //    if err == nil { // resp is now filled
  9170  //        fmt.Println(resp)
  9171  //    }
  9172  //
  9173  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
  9174  func (c *Organizations) ListCreateAccountStatusRequest(input *ListCreateAccountStatusInput) (req *request.Request, output *ListCreateAccountStatusOutput) {
  9175  	op := &request.Operation{
  9176  		Name:       opListCreateAccountStatus,
  9177  		HTTPMethod: "POST",
  9178  		HTTPPath:   "/",
  9179  		Paginator: &request.Paginator{
  9180  			InputTokens:     []string{"NextToken"},
  9181  			OutputTokens:    []string{"NextToken"},
  9182  			LimitToken:      "MaxResults",
  9183  			TruncationToken: "",
  9184  		},
  9185  	}
  9186  
  9187  	if input == nil {
  9188  		input = &ListCreateAccountStatusInput{}
  9189  	}
  9190  
  9191  	output = &ListCreateAccountStatusOutput{}
  9192  	req = c.newRequest(op, input, output)
  9193  	return
  9194  }
  9195  
  9196  // ListCreateAccountStatus API operation for AWS Organizations.
  9197  //
  9198  // Lists the account creation requests that match the specified status that
  9199  // is currently being tracked for the organization.
  9200  //
  9201  // Always check the NextToken response parameter for a null value when calling
  9202  // a List* operation. These operations can occasionally return an empty set
  9203  // of results even when there are more results available. The NextToken response
  9204  // parameter value is null only when there are no more results to display.
  9205  //
  9206  // This operation can be called only from the organization's management account
  9207  // or by a member account that is a delegated administrator for an AWS service.
  9208  //
  9209  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  9210  // with awserr.Error's Code and Message methods to get detailed information about
  9211  // the error.
  9212  //
  9213  // See the AWS API reference guide for AWS Organizations's
  9214  // API operation ListCreateAccountStatus for usage and error information.
  9215  //
  9216  // Returned Error Types:
  9217  //   * AccessDeniedException
  9218  //   You don't have permissions to perform the requested operation. The user or
  9219  //   role that is making the request must have at least one IAM permissions policy
  9220  //   attached that grants the required permissions. For more information, see
  9221  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  9222  //   in the IAM User Guide.
  9223  //
  9224  //   * AWSOrganizationsNotInUseException
  9225  //   Your account isn't a member of an organization. To make this request, you
  9226  //   must use the credentials of an account that belongs to an organization.
  9227  //
  9228  //   * InvalidInputException
  9229  //   The requested operation failed because you provided invalid values for one
  9230  //   or more of the request parameters. This exception includes a reason that
  9231  //   contains additional information about the violated limit:
  9232  //
  9233  //   Some of the reasons in the following list might not be applicable to this
  9234  //   specific API or operation.
  9235  //
  9236  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  9237  //      the same entity.
  9238  //
  9239  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  9240  //      can't be modified.
  9241  //
  9242  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  9243  //
  9244  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  9245  //      for the invited account owner.
  9246  //
  9247  //      * INVALID_ENUM: You specified an invalid value.
  9248  //
  9249  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  9250  //
  9251  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  9252  //      characters.
  9253  //
  9254  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  9255  //      at least one invalid value.
  9256  //
  9257  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  9258  //      from the response to a previous call of the operation.
  9259  //
  9260  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  9261  //      organization, or email) as a party.
  9262  //
  9263  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  9264  //      pattern.
  9265  //
  9266  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  9267  //      match the required pattern.
  9268  //
  9269  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  9270  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  9271  //
  9272  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  9273  //      Name (ARN) for the organization.
  9274  //
  9275  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  9276  //
  9277  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  9278  //      tag. You can’t add, edit, or delete system tag keys because they're
  9279  //      reserved for AWS use. System tags don’t count against your tags per
  9280  //      resource limit.
  9281  //
  9282  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  9283  //      for the operation.
  9284  //
  9285  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  9286  //      than allowed.
  9287  //
  9288  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  9289  //      value than allowed.
  9290  //
  9291  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  9292  //      than allowed.
  9293  //
  9294  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  9295  //      value than allowed.
  9296  //
  9297  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  9298  //      between entities in the same root.
  9299  //
  9300  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  9301  //      target entity.
  9302  //
  9303  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  9304  //      isn't recognized.
  9305  //
  9306  //   * ServiceException
  9307  //   AWS Organizations can't complete your request because of an internal service
  9308  //   error. Try again later.
  9309  //
  9310  //   * TooManyRequestsException
  9311  //   You have sent too many requests in too short a period of time. The quota
  9312  //   helps protect against denial-of-service attacks. Try again later.
  9313  //
  9314  //   For information about quotas that affect AWS Organizations, see Quotas for
  9315  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  9316  //   the AWS Organizations User Guide.
  9317  //
  9318  //   * UnsupportedAPIEndpointException
  9319  //   This action isn't available in the current AWS Region.
  9320  //
  9321  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListCreateAccountStatus
  9322  func (c *Organizations) ListCreateAccountStatus(input *ListCreateAccountStatusInput) (*ListCreateAccountStatusOutput, error) {
  9323  	req, out := c.ListCreateAccountStatusRequest(input)
  9324  	return out, req.Send()
  9325  }
  9326  
  9327  // ListCreateAccountStatusWithContext is the same as ListCreateAccountStatus with the addition of
  9328  // the ability to pass a context and additional request options.
  9329  //
  9330  // See ListCreateAccountStatus for details on how to use this API operation.
  9331  //
  9332  // The context must be non-nil and will be used for request cancellation. If
  9333  // the context is nil a panic will occur. In the future the SDK may create
  9334  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  9335  // for more information on using Contexts.
  9336  func (c *Organizations) ListCreateAccountStatusWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, opts ...request.Option) (*ListCreateAccountStatusOutput, error) {
  9337  	req, out := c.ListCreateAccountStatusRequest(input)
  9338  	req.SetContext(ctx)
  9339  	req.ApplyOptions(opts...)
  9340  	return out, req.Send()
  9341  }
  9342  
  9343  // ListCreateAccountStatusPages iterates over the pages of a ListCreateAccountStatus operation,
  9344  // calling the "fn" function with the response data for each page. To stop
  9345  // iterating, return false from the fn function.
  9346  //
  9347  // See ListCreateAccountStatus method for more information on how to use this operation.
  9348  //
  9349  // Note: This operation can generate multiple requests to a service.
  9350  //
  9351  //    // Example iterating over at most 3 pages of a ListCreateAccountStatus operation.
  9352  //    pageNum := 0
  9353  //    err := client.ListCreateAccountStatusPages(params,
  9354  //        func(page *organizations.ListCreateAccountStatusOutput, lastPage bool) bool {
  9355  //            pageNum++
  9356  //            fmt.Println(page)
  9357  //            return pageNum <= 3
  9358  //        })
  9359  //
  9360  func (c *Organizations) ListCreateAccountStatusPages(input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool) error {
  9361  	return c.ListCreateAccountStatusPagesWithContext(aws.BackgroundContext(), input, fn)
  9362  }
  9363  
  9364  // ListCreateAccountStatusPagesWithContext same as ListCreateAccountStatusPages except
  9365  // it takes a Context and allows setting request options on the pages.
  9366  //
  9367  // The context must be non-nil and will be used for request cancellation. If
  9368  // the context is nil a panic will occur. In the future the SDK may create
  9369  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  9370  // for more information on using Contexts.
  9371  func (c *Organizations) ListCreateAccountStatusPagesWithContext(ctx aws.Context, input *ListCreateAccountStatusInput, fn func(*ListCreateAccountStatusOutput, bool) bool, opts ...request.Option) error {
  9372  	p := request.Pagination{
  9373  		NewRequest: func() (*request.Request, error) {
  9374  			var inCpy *ListCreateAccountStatusInput
  9375  			if input != nil {
  9376  				tmp := *input
  9377  				inCpy = &tmp
  9378  			}
  9379  			req, _ := c.ListCreateAccountStatusRequest(inCpy)
  9380  			req.SetContext(ctx)
  9381  			req.ApplyOptions(opts...)
  9382  			return req, nil
  9383  		},
  9384  	}
  9385  
  9386  	for p.Next() {
  9387  		if !fn(p.Page().(*ListCreateAccountStatusOutput), !p.HasNextPage()) {
  9388  			break
  9389  		}
  9390  	}
  9391  
  9392  	return p.Err()
  9393  }
  9394  
  9395  const opListDelegatedAdministrators = "ListDelegatedAdministrators"
  9396  
  9397  // ListDelegatedAdministratorsRequest generates a "aws/request.Request" representing the
  9398  // client's request for the ListDelegatedAdministrators operation. The "output" return
  9399  // value will be populated with the request's response once the request completes
  9400  // successfully.
  9401  //
  9402  // Use "Send" method on the returned Request to send the API call to the service.
  9403  // the "output" return value is not valid until after Send returns without error.
  9404  //
  9405  // See ListDelegatedAdministrators for more information on using the ListDelegatedAdministrators
  9406  // API call, and error handling.
  9407  //
  9408  // This method is useful when you want to inject custom logic or configuration
  9409  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  9410  //
  9411  //
  9412  //    // Example sending a request using the ListDelegatedAdministratorsRequest method.
  9413  //    req, resp := client.ListDelegatedAdministratorsRequest(params)
  9414  //
  9415  //    err := req.Send()
  9416  //    if err == nil { // resp is now filled
  9417  //        fmt.Println(resp)
  9418  //    }
  9419  //
  9420  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
  9421  func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedAdministratorsInput) (req *request.Request, output *ListDelegatedAdministratorsOutput) {
  9422  	op := &request.Operation{
  9423  		Name:       opListDelegatedAdministrators,
  9424  		HTTPMethod: "POST",
  9425  		HTTPPath:   "/",
  9426  		Paginator: &request.Paginator{
  9427  			InputTokens:     []string{"NextToken"},
  9428  			OutputTokens:    []string{"NextToken"},
  9429  			LimitToken:      "MaxResults",
  9430  			TruncationToken: "",
  9431  		},
  9432  	}
  9433  
  9434  	if input == nil {
  9435  		input = &ListDelegatedAdministratorsInput{}
  9436  	}
  9437  
  9438  	output = &ListDelegatedAdministratorsOutput{}
  9439  	req = c.newRequest(op, input, output)
  9440  	return
  9441  }
  9442  
  9443  // ListDelegatedAdministrators API operation for AWS Organizations.
  9444  //
  9445  // Lists the AWS accounts that are designated as delegated administrators in
  9446  // this organization.
  9447  //
  9448  // This operation can be called only from the organization's management account
  9449  // or by a member account that is a delegated administrator for an AWS service.
  9450  //
  9451  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  9452  // with awserr.Error's Code and Message methods to get detailed information about
  9453  // the error.
  9454  //
  9455  // See the AWS API reference guide for AWS Organizations's
  9456  // API operation ListDelegatedAdministrators for usage and error information.
  9457  //
  9458  // Returned Error Types:
  9459  //   * AccessDeniedException
  9460  //   You don't have permissions to perform the requested operation. The user or
  9461  //   role that is making the request must have at least one IAM permissions policy
  9462  //   attached that grants the required permissions. For more information, see
  9463  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  9464  //   in the IAM User Guide.
  9465  //
  9466  //   * AWSOrganizationsNotInUseException
  9467  //   Your account isn't a member of an organization. To make this request, you
  9468  //   must use the credentials of an account that belongs to an organization.
  9469  //
  9470  //   * ConstraintViolationException
  9471  //   Performing this operation violates a minimum or maximum value limit. For
  9472  //   example, attempting to remove the last service control policy (SCP) from
  9473  //   an OU or root, inviting or creating too many accounts to the organization,
  9474  //   or attaching too many policies to an account, OU, or root. This exception
  9475  //   includes a reason that contains additional information about the violated
  9476  //   limit:
  9477  //
  9478  //   Some of the reasons in the following list might not be applicable to this
  9479  //   specific API or operation.
  9480  //
  9481  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  9482  //      account from the organization. You can't remove the management account.
  9483  //      Instead, after you remove all member accounts, delete the organization
  9484  //      itself.
  9485  //
  9486  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  9487  //      from the organization that doesn't yet have enough information to exist
  9488  //      as a standalone account. This account requires you to first agree to the
  9489  //      AWS Customer Agreement. Follow the steps at Removing a member account
  9490  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  9491  //      the AWS Organizations User Guide.
  9492  //
  9493  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  9494  //      an account from the organization that doesn't yet have enough information
  9495  //      to exist as a standalone account. This account requires you to first complete
  9496  //      phone verification. Follow the steps at Removing a member account from
  9497  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  9498  //      in the AWS Organizations User Guide.
  9499  //
  9500  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  9501  //      of accounts that you can create in one day.
  9502  //
  9503  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  9504  //      the number of accounts in an organization. If you need more accounts,
  9505  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  9506  //      request an increase in your limit. Or the number of invitations that you
  9507  //      tried to send would cause you to exceed the limit of accounts in your
  9508  //      organization. Send fewer invitations or contact AWS Support to request
  9509  //      an increase in the number of accounts. Deleted and closed accounts still
  9510  //      count toward your limit. If you get this exception when running a command
  9511  //      immediately after creating the organization, wait one hour and try again.
  9512  //      After an hour, if the command continues to fail with this error, contact
  9513  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  9514  //
  9515  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  9516  //      register the management account of the organization as a delegated administrator
  9517  //      for an AWS service integrated with Organizations. You can designate only
  9518  //      a member account as a delegated administrator.
  9519  //
  9520  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  9521  //      an account that is registered as a delegated administrator for a service
  9522  //      integrated with your organization. To complete this operation, you must
  9523  //      first deregister this account as a delegated administrator.
  9524  //
  9525  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  9526  //      organization in the specified region, you must enable all features mode.
  9527  //
  9528  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  9529  //      an AWS account as a delegated administrator for an AWS service that already
  9530  //      has a delegated administrator. To complete this operation, you must first
  9531  //      deregister any existing delegated administrators for this service.
  9532  //
  9533  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  9534  //      valid for a limited period of time. You must resubmit the request and
  9535  //      generate a new verfication code.
  9536  //
  9537  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  9538  //      handshakes that you can send in one day.
  9539  //
  9540  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  9541  //      in this organization, you first must migrate the organization's management
  9542  //      account to the marketplace that corresponds to the management account's
  9543  //      address. For example, accounts with India addresses must be associated
  9544  //      with the AISPL marketplace. All accounts in an organization must be associated
  9545  //      with the same marketplace.
  9546  //
  9547  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  9548  //      in China. To create an organization, the master must have a valid business
  9549  //      license. For more information, contact customer support.
  9550  //
  9551  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  9552  //      must first provide a valid contact address and phone number for the management
  9553  //      account. Then try the operation again.
  9554  //
  9555  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  9556  //      management account must have an associated account in the AWS GovCloud
  9557  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  9558  //      in the AWS GovCloud User Guide.
  9559  //
  9560  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  9561  //      with this management account, you first must associate a valid payment
  9562  //      instrument, such as a credit card, with the account. Follow the steps
  9563  //      at To leave an organization when all required account information has
  9564  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  9565  //      in the AWS Organizations User Guide.
  9566  //
  9567  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  9568  //      to register more delegated administrators than allowed for the service
  9569  //      principal.
  9570  //
  9571  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  9572  //      number of policies of a certain type that can be attached to an entity
  9573  //      at one time.
  9574  //
  9575  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  9576  //      on this resource.
  9577  //
  9578  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  9579  //      with this member account, you first must associate a valid payment instrument,
  9580  //      such as a credit card, with the account. Follow the steps at To leave
  9581  //      an organization when all required account information has not yet been
  9582  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  9583  //      in the AWS Organizations User Guide.
  9584  //
  9585  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  9586  //      policy from an entity that would cause the entity to have fewer than the
  9587  //      minimum number of policies of a certain type required.
  9588  //
  9589  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  9590  //      that requires the organization to be configured to support all features.
  9591  //      An organization that supports only consolidated billing features can't
  9592  //      perform this operation.
  9593  //
  9594  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  9595  //      too many levels deep.
  9596  //
  9597  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  9598  //      that you can have in an organization.
  9599  //
  9600  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  9601  //      is larger than the maximum size.
  9602  //
  9603  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  9604  //      policies that you can have in an organization.
  9605  //
  9606  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  9607  //      tags that are not compliant with the tag policy requirements for this
  9608  //      account.
  9609  //
  9610  //   * InvalidInputException
  9611  //   The requested operation failed because you provided invalid values for one
  9612  //   or more of the request parameters. This exception includes a reason that
  9613  //   contains additional information about the violated limit:
  9614  //
  9615  //   Some of the reasons in the following list might not be applicable to this
  9616  //   specific API or operation.
  9617  //
  9618  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
  9619  //      the same entity.
  9620  //
  9621  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
  9622  //      can't be modified.
  9623  //
  9624  //      * INPUT_REQUIRED: You must include a value for all required parameters.
  9625  //
  9626  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
  9627  //      for the invited account owner.
  9628  //
  9629  //      * INVALID_ENUM: You specified an invalid value.
  9630  //
  9631  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
  9632  //
  9633  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
  9634  //      characters.
  9635  //
  9636  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
  9637  //      at least one invalid value.
  9638  //
  9639  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
  9640  //      from the response to a previous call of the operation.
  9641  //
  9642  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
  9643  //      organization, or email) as a party.
  9644  //
  9645  //      * INVALID_PATTERN: You provided a value that doesn't match the required
  9646  //      pattern.
  9647  //
  9648  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
  9649  //      match the required pattern.
  9650  //
  9651  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
  9652  //      name can't begin with the reserved prefix AWSServiceRoleFor.
  9653  //
  9654  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
  9655  //      Name (ARN) for the organization.
  9656  //
  9657  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
  9658  //
  9659  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
  9660  //      tag. You can’t add, edit, or delete system tag keys because they're
  9661  //      reserved for AWS use. System tags don’t count against your tags per
  9662  //      resource limit.
  9663  //
  9664  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
  9665  //      for the operation.
  9666  //
  9667  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
  9668  //      than allowed.
  9669  //
  9670  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
  9671  //      value than allowed.
  9672  //
  9673  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
  9674  //      than allowed.
  9675  //
  9676  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
  9677  //      value than allowed.
  9678  //
  9679  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
  9680  //      between entities in the same root.
  9681  //
  9682  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
  9683  //      target entity.
  9684  //
  9685  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
  9686  //      isn't recognized.
  9687  //
  9688  //   * TooManyRequestsException
  9689  //   You have sent too many requests in too short a period of time. The quota
  9690  //   helps protect against denial-of-service attacks. Try again later.
  9691  //
  9692  //   For information about quotas that affect AWS Organizations, see Quotas for
  9693  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
  9694  //   the AWS Organizations User Guide.
  9695  //
  9696  //   * ServiceException
  9697  //   AWS Organizations can't complete your request because of an internal service
  9698  //   error. Try again later.
  9699  //
  9700  //   * UnsupportedAPIEndpointException
  9701  //   This action isn't available in the current AWS Region.
  9702  //
  9703  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedAdministrators
  9704  func (c *Organizations) ListDelegatedAdministrators(input *ListDelegatedAdministratorsInput) (*ListDelegatedAdministratorsOutput, error) {
  9705  	req, out := c.ListDelegatedAdministratorsRequest(input)
  9706  	return out, req.Send()
  9707  }
  9708  
  9709  // ListDelegatedAdministratorsWithContext is the same as ListDelegatedAdministrators with the addition of
  9710  // the ability to pass a context and additional request options.
  9711  //
  9712  // See ListDelegatedAdministrators for details on how to use this API operation.
  9713  //
  9714  // The context must be non-nil and will be used for request cancellation. If
  9715  // the context is nil a panic will occur. In the future the SDK may create
  9716  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  9717  // for more information on using Contexts.
  9718  func (c *Organizations) ListDelegatedAdministratorsWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, opts ...request.Option) (*ListDelegatedAdministratorsOutput, error) {
  9719  	req, out := c.ListDelegatedAdministratorsRequest(input)
  9720  	req.SetContext(ctx)
  9721  	req.ApplyOptions(opts...)
  9722  	return out, req.Send()
  9723  }
  9724  
  9725  // ListDelegatedAdministratorsPages iterates over the pages of a ListDelegatedAdministrators operation,
  9726  // calling the "fn" function with the response data for each page. To stop
  9727  // iterating, return false from the fn function.
  9728  //
  9729  // See ListDelegatedAdministrators method for more information on how to use this operation.
  9730  //
  9731  // Note: This operation can generate multiple requests to a service.
  9732  //
  9733  //    // Example iterating over at most 3 pages of a ListDelegatedAdministrators operation.
  9734  //    pageNum := 0
  9735  //    err := client.ListDelegatedAdministratorsPages(params,
  9736  //        func(page *organizations.ListDelegatedAdministratorsOutput, lastPage bool) bool {
  9737  //            pageNum++
  9738  //            fmt.Println(page)
  9739  //            return pageNum <= 3
  9740  //        })
  9741  //
  9742  func (c *Organizations) ListDelegatedAdministratorsPages(input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool) error {
  9743  	return c.ListDelegatedAdministratorsPagesWithContext(aws.BackgroundContext(), input, fn)
  9744  }
  9745  
  9746  // ListDelegatedAdministratorsPagesWithContext same as ListDelegatedAdministratorsPages except
  9747  // it takes a Context and allows setting request options on the pages.
  9748  //
  9749  // The context must be non-nil and will be used for request cancellation. If
  9750  // the context is nil a panic will occur. In the future the SDK may create
  9751  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
  9752  // for more information on using Contexts.
  9753  func (c *Organizations) ListDelegatedAdministratorsPagesWithContext(ctx aws.Context, input *ListDelegatedAdministratorsInput, fn func(*ListDelegatedAdministratorsOutput, bool) bool, opts ...request.Option) error {
  9754  	p := request.Pagination{
  9755  		NewRequest: func() (*request.Request, error) {
  9756  			var inCpy *ListDelegatedAdministratorsInput
  9757  			if input != nil {
  9758  				tmp := *input
  9759  				inCpy = &tmp
  9760  			}
  9761  			req, _ := c.ListDelegatedAdministratorsRequest(inCpy)
  9762  			req.SetContext(ctx)
  9763  			req.ApplyOptions(opts...)
  9764  			return req, nil
  9765  		},
  9766  	}
  9767  
  9768  	for p.Next() {
  9769  		if !fn(p.Page().(*ListDelegatedAdministratorsOutput), !p.HasNextPage()) {
  9770  			break
  9771  		}
  9772  	}
  9773  
  9774  	return p.Err()
  9775  }
  9776  
  9777  const opListDelegatedServicesForAccount = "ListDelegatedServicesForAccount"
  9778  
  9779  // ListDelegatedServicesForAccountRequest generates a "aws/request.Request" representing the
  9780  // client's request for the ListDelegatedServicesForAccount operation. The "output" return
  9781  // value will be populated with the request's response once the request completes
  9782  // successfully.
  9783  //
  9784  // Use "Send" method on the returned Request to send the API call to the service.
  9785  // the "output" return value is not valid until after Send returns without error.
  9786  //
  9787  // See ListDelegatedServicesForAccount for more information on using the ListDelegatedServicesForAccount
  9788  // API call, and error handling.
  9789  //
  9790  // This method is useful when you want to inject custom logic or configuration
  9791  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
  9792  //
  9793  //
  9794  //    // Example sending a request using the ListDelegatedServicesForAccountRequest method.
  9795  //    req, resp := client.ListDelegatedServicesForAccountRequest(params)
  9796  //
  9797  //    err := req.Send()
  9798  //    if err == nil { // resp is now filled
  9799  //        fmt.Println(resp)
  9800  //    }
  9801  //
  9802  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
  9803  func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelegatedServicesForAccountInput) (req *request.Request, output *ListDelegatedServicesForAccountOutput) {
  9804  	op := &request.Operation{
  9805  		Name:       opListDelegatedServicesForAccount,
  9806  		HTTPMethod: "POST",
  9807  		HTTPPath:   "/",
  9808  		Paginator: &request.Paginator{
  9809  			InputTokens:     []string{"NextToken"},
  9810  			OutputTokens:    []string{"NextToken"},
  9811  			LimitToken:      "MaxResults",
  9812  			TruncationToken: "",
  9813  		},
  9814  	}
  9815  
  9816  	if input == nil {
  9817  		input = &ListDelegatedServicesForAccountInput{}
  9818  	}
  9819  
  9820  	output = &ListDelegatedServicesForAccountOutput{}
  9821  	req = c.newRequest(op, input, output)
  9822  	return
  9823  }
  9824  
  9825  // ListDelegatedServicesForAccount API operation for AWS Organizations.
  9826  //
  9827  // List the AWS services for which the specified account is a delegated administrator.
  9828  //
  9829  // This operation can be called only from the organization's management account
  9830  // or by a member account that is a delegated administrator for an AWS service.
  9831  //
  9832  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
  9833  // with awserr.Error's Code and Message methods to get detailed information about
  9834  // the error.
  9835  //
  9836  // See the AWS API reference guide for AWS Organizations's
  9837  // API operation ListDelegatedServicesForAccount for usage and error information.
  9838  //
  9839  // Returned Error Types:
  9840  //   * AccessDeniedException
  9841  //   You don't have permissions to perform the requested operation. The user or
  9842  //   role that is making the request must have at least one IAM permissions policy
  9843  //   attached that grants the required permissions. For more information, see
  9844  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
  9845  //   in the IAM User Guide.
  9846  //
  9847  //   * AccountNotFoundException
  9848  //   We can't find an AWS account with the AccountId that you specified, or the
  9849  //   account whose credentials you used to make this request isn't a member of
  9850  //   an organization.
  9851  //
  9852  //   * AccountNotRegisteredException
  9853  //   The specified account is not a delegated administrator for this AWS service.
  9854  //
  9855  //   * AWSOrganizationsNotInUseException
  9856  //   Your account isn't a member of an organization. To make this request, you
  9857  //   must use the credentials of an account that belongs to an organization.
  9858  //
  9859  //   * ConstraintViolationException
  9860  //   Performing this operation violates a minimum or maximum value limit. For
  9861  //   example, attempting to remove the last service control policy (SCP) from
  9862  //   an OU or root, inviting or creating too many accounts to the organization,
  9863  //   or attaching too many policies to an account, OU, or root. This exception
  9864  //   includes a reason that contains additional information about the violated
  9865  //   limit:
  9866  //
  9867  //   Some of the reasons in the following list might not be applicable to this
  9868  //   specific API or operation.
  9869  //
  9870  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
  9871  //      account from the organization. You can't remove the management account.
  9872  //      Instead, after you remove all member accounts, delete the organization
  9873  //      itself.
  9874  //
  9875  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
  9876  //      from the organization that doesn't yet have enough information to exist
  9877  //      as a standalone account. This account requires you to first agree to the
  9878  //      AWS Customer Agreement. Follow the steps at Removing a member account
  9879  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
  9880  //      the AWS Organizations User Guide.
  9881  //
  9882  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
  9883  //      an account from the organization that doesn't yet have enough information
  9884  //      to exist as a standalone account. This account requires you to first complete
  9885  //      phone verification. Follow the steps at Removing a member account from
  9886  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
  9887  //      in the AWS Organizations User Guide.
  9888  //
  9889  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
  9890  //      of accounts that you can create in one day.
  9891  //
  9892  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
  9893  //      the number of accounts in an organization. If you need more accounts,
  9894  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
  9895  //      request an increase in your limit. Or the number of invitations that you
  9896  //      tried to send would cause you to exceed the limit of accounts in your
  9897  //      organization. Send fewer invitations or contact AWS Support to request
  9898  //      an increase in the number of accounts. Deleted and closed accounts still
  9899  //      count toward your limit. If you get this exception when running a command
  9900  //      immediately after creating the organization, wait one hour and try again.
  9901  //      After an hour, if the command continues to fail with this error, contact
  9902  //      AWS Support (https://console.aws.amazon.com/support/home#/).
  9903  //
  9904  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
  9905  //      register the management account of the organization as a delegated administrator
  9906  //      for an AWS service integrated with Organizations. You can designate only
  9907  //      a member account as a delegated administrator.
  9908  //
  9909  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
  9910  //      an account that is registered as a delegated administrator for a service
  9911  //      integrated with your organization. To complete this operation, you must
  9912  //      first deregister this account as a delegated administrator.
  9913  //
  9914  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
  9915  //      organization in the specified region, you must enable all features mode.
  9916  //
  9917  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
  9918  //      an AWS account as a delegated administrator for an AWS service that already
  9919  //      has a delegated administrator. To complete this operation, you must first
  9920  //      deregister any existing delegated administrators for this service.
  9921  //
  9922  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
  9923  //      valid for a limited period of time. You must resubmit the request and
  9924  //      generate a new verfication code.
  9925  //
  9926  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
  9927  //      handshakes that you can send in one day.
  9928  //
  9929  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
  9930  //      in this organization, you first must migrate the organization's management
  9931  //      account to the marketplace that corresponds to the management account's
  9932  //      address. For example, accounts with India addresses must be associated
  9933  //      with the AISPL marketplace. All accounts in an organization must be associated
  9934  //      with the same marketplace.
  9935  //
  9936  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
  9937  //      in China. To create an organization, the master must have a valid business
  9938  //      license. For more information, contact customer support.
  9939  //
  9940  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
  9941  //      must first provide a valid contact address and phone number for the management
  9942  //      account. Then try the operation again.
  9943  //
  9944  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
  9945  //      management account must have an associated account in the AWS GovCloud
  9946  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
  9947  //      in the AWS GovCloud User Guide.
  9948  //
  9949  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
  9950  //      with this management account, you first must associate a valid payment
  9951  //      instrument, such as a credit card, with the account. Follow the steps
  9952  //      at To leave an organization when all required account information has
  9953  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  9954  //      in the AWS Organizations User Guide.
  9955  //
  9956  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
  9957  //      to register more delegated administrators than allowed for the service
  9958  //      principal.
  9959  //
  9960  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
  9961  //      number of policies of a certain type that can be attached to an entity
  9962  //      at one time.
  9963  //
  9964  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
  9965  //      on this resource.
  9966  //
  9967  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
  9968  //      with this member account, you first must associate a valid payment instrument,
  9969  //      such as a credit card, with the account. Follow the steps at To leave
  9970  //      an organization when all required account information has not yet been
  9971  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
  9972  //      in the AWS Organizations User Guide.
  9973  //
  9974  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
  9975  //      policy from an entity that would cause the entity to have fewer than the
  9976  //      minimum number of policies of a certain type required.
  9977  //
  9978  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
  9979  //      that requires the organization to be configured to support all features.
  9980  //      An organization that supports only consolidated billing features can't
  9981  //      perform this operation.
  9982  //
  9983  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
  9984  //      too many levels deep.
  9985  //
  9986  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
  9987  //      that you can have in an organization.
  9988  //
  9989  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
  9990  //      is larger than the maximum size.
  9991  //
  9992  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
  9993  //      policies that you can have in an organization.
  9994  //
  9995  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
  9996  //      tags that are not compliant with the tag policy requirements for this
  9997  //      account.
  9998  //
  9999  //   * InvalidInputException
 10000  //   The requested operation failed because you provided invalid values for one
 10001  //   or more of the request parameters. This exception includes a reason that
 10002  //   contains additional information about the violated limit:
 10003  //
 10004  //   Some of the reasons in the following list might not be applicable to this
 10005  //   specific API or operation.
 10006  //
 10007  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 10008  //      the same entity.
 10009  //
 10010  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 10011  //      can't be modified.
 10012  //
 10013  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 10014  //
 10015  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 10016  //      for the invited account owner.
 10017  //
 10018  //      * INVALID_ENUM: You specified an invalid value.
 10019  //
 10020  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 10021  //
 10022  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 10023  //      characters.
 10024  //
 10025  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 10026  //      at least one invalid value.
 10027  //
 10028  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 10029  //      from the response to a previous call of the operation.
 10030  //
 10031  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 10032  //      organization, or email) as a party.
 10033  //
 10034  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 10035  //      pattern.
 10036  //
 10037  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 10038  //      match the required pattern.
 10039  //
 10040  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 10041  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 10042  //
 10043  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 10044  //      Name (ARN) for the organization.
 10045  //
 10046  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 10047  //
 10048  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 10049  //      tag. You can’t add, edit, or delete system tag keys because they're
 10050  //      reserved for AWS use. System tags don’t count against your tags per
 10051  //      resource limit.
 10052  //
 10053  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 10054  //      for the operation.
 10055  //
 10056  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 10057  //      than allowed.
 10058  //
 10059  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 10060  //      value than allowed.
 10061  //
 10062  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 10063  //      than allowed.
 10064  //
 10065  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 10066  //      value than allowed.
 10067  //
 10068  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 10069  //      between entities in the same root.
 10070  //
 10071  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 10072  //      target entity.
 10073  //
 10074  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 10075  //      isn't recognized.
 10076  //
 10077  //   * TooManyRequestsException
 10078  //   You have sent too many requests in too short a period of time. The quota
 10079  //   helps protect against denial-of-service attacks. Try again later.
 10080  //
 10081  //   For information about quotas that affect AWS Organizations, see Quotas for
 10082  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 10083  //   the AWS Organizations User Guide.
 10084  //
 10085  //   * ServiceException
 10086  //   AWS Organizations can't complete your request because of an internal service
 10087  //   error. Try again later.
 10088  //
 10089  //   * UnsupportedAPIEndpointException
 10090  //   This action isn't available in the current AWS Region.
 10091  //
 10092  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListDelegatedServicesForAccount
 10093  func (c *Organizations) ListDelegatedServicesForAccount(input *ListDelegatedServicesForAccountInput) (*ListDelegatedServicesForAccountOutput, error) {
 10094  	req, out := c.ListDelegatedServicesForAccountRequest(input)
 10095  	return out, req.Send()
 10096  }
 10097  
 10098  // ListDelegatedServicesForAccountWithContext is the same as ListDelegatedServicesForAccount with the addition of
 10099  // the ability to pass a context and additional request options.
 10100  //
 10101  // See ListDelegatedServicesForAccount for details on how to use this API operation.
 10102  //
 10103  // The context must be non-nil and will be used for request cancellation. If
 10104  // the context is nil a panic will occur. In the future the SDK may create
 10105  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10106  // for more information on using Contexts.
 10107  func (c *Organizations) ListDelegatedServicesForAccountWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, opts ...request.Option) (*ListDelegatedServicesForAccountOutput, error) {
 10108  	req, out := c.ListDelegatedServicesForAccountRequest(input)
 10109  	req.SetContext(ctx)
 10110  	req.ApplyOptions(opts...)
 10111  	return out, req.Send()
 10112  }
 10113  
 10114  // ListDelegatedServicesForAccountPages iterates over the pages of a ListDelegatedServicesForAccount operation,
 10115  // calling the "fn" function with the response data for each page. To stop
 10116  // iterating, return false from the fn function.
 10117  //
 10118  // See ListDelegatedServicesForAccount method for more information on how to use this operation.
 10119  //
 10120  // Note: This operation can generate multiple requests to a service.
 10121  //
 10122  //    // Example iterating over at most 3 pages of a ListDelegatedServicesForAccount operation.
 10123  //    pageNum := 0
 10124  //    err := client.ListDelegatedServicesForAccountPages(params,
 10125  //        func(page *organizations.ListDelegatedServicesForAccountOutput, lastPage bool) bool {
 10126  //            pageNum++
 10127  //            fmt.Println(page)
 10128  //            return pageNum <= 3
 10129  //        })
 10130  //
 10131  func (c *Organizations) ListDelegatedServicesForAccountPages(input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool) error {
 10132  	return c.ListDelegatedServicesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
 10133  }
 10134  
 10135  // ListDelegatedServicesForAccountPagesWithContext same as ListDelegatedServicesForAccountPages except
 10136  // it takes a Context and allows setting request options on the pages.
 10137  //
 10138  // The context must be non-nil and will be used for request cancellation. If
 10139  // the context is nil a panic will occur. In the future the SDK may create
 10140  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10141  // for more information on using Contexts.
 10142  func (c *Organizations) ListDelegatedServicesForAccountPagesWithContext(ctx aws.Context, input *ListDelegatedServicesForAccountInput, fn func(*ListDelegatedServicesForAccountOutput, bool) bool, opts ...request.Option) error {
 10143  	p := request.Pagination{
 10144  		NewRequest: func() (*request.Request, error) {
 10145  			var inCpy *ListDelegatedServicesForAccountInput
 10146  			if input != nil {
 10147  				tmp := *input
 10148  				inCpy = &tmp
 10149  			}
 10150  			req, _ := c.ListDelegatedServicesForAccountRequest(inCpy)
 10151  			req.SetContext(ctx)
 10152  			req.ApplyOptions(opts...)
 10153  			return req, nil
 10154  		},
 10155  	}
 10156  
 10157  	for p.Next() {
 10158  		if !fn(p.Page().(*ListDelegatedServicesForAccountOutput), !p.HasNextPage()) {
 10159  			break
 10160  		}
 10161  	}
 10162  
 10163  	return p.Err()
 10164  }
 10165  
 10166  const opListHandshakesForAccount = "ListHandshakesForAccount"
 10167  
 10168  // ListHandshakesForAccountRequest generates a "aws/request.Request" representing the
 10169  // client's request for the ListHandshakesForAccount operation. The "output" return
 10170  // value will be populated with the request's response once the request completes
 10171  // successfully.
 10172  //
 10173  // Use "Send" method on the returned Request to send the API call to the service.
 10174  // the "output" return value is not valid until after Send returns without error.
 10175  //
 10176  // See ListHandshakesForAccount for more information on using the ListHandshakesForAccount
 10177  // API call, and error handling.
 10178  //
 10179  // This method is useful when you want to inject custom logic or configuration
 10180  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 10181  //
 10182  //
 10183  //    // Example sending a request using the ListHandshakesForAccountRequest method.
 10184  //    req, resp := client.ListHandshakesForAccountRequest(params)
 10185  //
 10186  //    err := req.Send()
 10187  //    if err == nil { // resp is now filled
 10188  //        fmt.Println(resp)
 10189  //    }
 10190  //
 10191  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
 10192  func (c *Organizations) ListHandshakesForAccountRequest(input *ListHandshakesForAccountInput) (req *request.Request, output *ListHandshakesForAccountOutput) {
 10193  	op := &request.Operation{
 10194  		Name:       opListHandshakesForAccount,
 10195  		HTTPMethod: "POST",
 10196  		HTTPPath:   "/",
 10197  		Paginator: &request.Paginator{
 10198  			InputTokens:     []string{"NextToken"},
 10199  			OutputTokens:    []string{"NextToken"},
 10200  			LimitToken:      "MaxResults",
 10201  			TruncationToken: "",
 10202  		},
 10203  	}
 10204  
 10205  	if input == nil {
 10206  		input = &ListHandshakesForAccountInput{}
 10207  	}
 10208  
 10209  	output = &ListHandshakesForAccountOutput{}
 10210  	req = c.newRequest(op, input, output)
 10211  	return
 10212  }
 10213  
 10214  // ListHandshakesForAccount API operation for AWS Organizations.
 10215  //
 10216  // Lists the current handshakes that are associated with the account of the
 10217  // requesting user.
 10218  //
 10219  // Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
 10220  // of this API for only 30 days after changing to that state. After that, they're
 10221  // deleted and no longer accessible.
 10222  //
 10223  // Always check the NextToken response parameter for a null value when calling
 10224  // a List* operation. These operations can occasionally return an empty set
 10225  // of results even when there are more results available. The NextToken response
 10226  // parameter value is null only when there are no more results to display.
 10227  //
 10228  // This operation can be called from any account in the organization.
 10229  //
 10230  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 10231  // with awserr.Error's Code and Message methods to get detailed information about
 10232  // the error.
 10233  //
 10234  // See the AWS API reference guide for AWS Organizations's
 10235  // API operation ListHandshakesForAccount for usage and error information.
 10236  //
 10237  // Returned Error Types:
 10238  //   * AccessDeniedException
 10239  //   You don't have permissions to perform the requested operation. The user or
 10240  //   role that is making the request must have at least one IAM permissions policy
 10241  //   attached that grants the required permissions. For more information, see
 10242  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 10243  //   in the IAM User Guide.
 10244  //
 10245  //   * ConcurrentModificationException
 10246  //   The target of the operation is currently being modified by a different request.
 10247  //   Try again later.
 10248  //
 10249  //   * InvalidInputException
 10250  //   The requested operation failed because you provided invalid values for one
 10251  //   or more of the request parameters. This exception includes a reason that
 10252  //   contains additional information about the violated limit:
 10253  //
 10254  //   Some of the reasons in the following list might not be applicable to this
 10255  //   specific API or operation.
 10256  //
 10257  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 10258  //      the same entity.
 10259  //
 10260  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 10261  //      can't be modified.
 10262  //
 10263  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 10264  //
 10265  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 10266  //      for the invited account owner.
 10267  //
 10268  //      * INVALID_ENUM: You specified an invalid value.
 10269  //
 10270  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 10271  //
 10272  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 10273  //      characters.
 10274  //
 10275  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 10276  //      at least one invalid value.
 10277  //
 10278  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 10279  //      from the response to a previous call of the operation.
 10280  //
 10281  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 10282  //      organization, or email) as a party.
 10283  //
 10284  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 10285  //      pattern.
 10286  //
 10287  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 10288  //      match the required pattern.
 10289  //
 10290  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 10291  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 10292  //
 10293  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 10294  //      Name (ARN) for the organization.
 10295  //
 10296  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 10297  //
 10298  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 10299  //      tag. You can’t add, edit, or delete system tag keys because they're
 10300  //      reserved for AWS use. System tags don’t count against your tags per
 10301  //      resource limit.
 10302  //
 10303  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 10304  //      for the operation.
 10305  //
 10306  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 10307  //      than allowed.
 10308  //
 10309  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 10310  //      value than allowed.
 10311  //
 10312  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 10313  //      than allowed.
 10314  //
 10315  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 10316  //      value than allowed.
 10317  //
 10318  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 10319  //      between entities in the same root.
 10320  //
 10321  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 10322  //      target entity.
 10323  //
 10324  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 10325  //      isn't recognized.
 10326  //
 10327  //   * ServiceException
 10328  //   AWS Organizations can't complete your request because of an internal service
 10329  //   error. Try again later.
 10330  //
 10331  //   * TooManyRequestsException
 10332  //   You have sent too many requests in too short a period of time. The quota
 10333  //   helps protect against denial-of-service attacks. Try again later.
 10334  //
 10335  //   For information about quotas that affect AWS Organizations, see Quotas for
 10336  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 10337  //   the AWS Organizations User Guide.
 10338  //
 10339  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForAccount
 10340  func (c *Organizations) ListHandshakesForAccount(input *ListHandshakesForAccountInput) (*ListHandshakesForAccountOutput, error) {
 10341  	req, out := c.ListHandshakesForAccountRequest(input)
 10342  	return out, req.Send()
 10343  }
 10344  
 10345  // ListHandshakesForAccountWithContext is the same as ListHandshakesForAccount with the addition of
 10346  // the ability to pass a context and additional request options.
 10347  //
 10348  // See ListHandshakesForAccount for details on how to use this API operation.
 10349  //
 10350  // The context must be non-nil and will be used for request cancellation. If
 10351  // the context is nil a panic will occur. In the future the SDK may create
 10352  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10353  // for more information on using Contexts.
 10354  func (c *Organizations) ListHandshakesForAccountWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, opts ...request.Option) (*ListHandshakesForAccountOutput, error) {
 10355  	req, out := c.ListHandshakesForAccountRequest(input)
 10356  	req.SetContext(ctx)
 10357  	req.ApplyOptions(opts...)
 10358  	return out, req.Send()
 10359  }
 10360  
 10361  // ListHandshakesForAccountPages iterates over the pages of a ListHandshakesForAccount operation,
 10362  // calling the "fn" function with the response data for each page. To stop
 10363  // iterating, return false from the fn function.
 10364  //
 10365  // See ListHandshakesForAccount method for more information on how to use this operation.
 10366  //
 10367  // Note: This operation can generate multiple requests to a service.
 10368  //
 10369  //    // Example iterating over at most 3 pages of a ListHandshakesForAccount operation.
 10370  //    pageNum := 0
 10371  //    err := client.ListHandshakesForAccountPages(params,
 10372  //        func(page *organizations.ListHandshakesForAccountOutput, lastPage bool) bool {
 10373  //            pageNum++
 10374  //            fmt.Println(page)
 10375  //            return pageNum <= 3
 10376  //        })
 10377  //
 10378  func (c *Organizations) ListHandshakesForAccountPages(input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool) error {
 10379  	return c.ListHandshakesForAccountPagesWithContext(aws.BackgroundContext(), input, fn)
 10380  }
 10381  
 10382  // ListHandshakesForAccountPagesWithContext same as ListHandshakesForAccountPages except
 10383  // it takes a Context and allows setting request options on the pages.
 10384  //
 10385  // The context must be non-nil and will be used for request cancellation. If
 10386  // the context is nil a panic will occur. In the future the SDK may create
 10387  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10388  // for more information on using Contexts.
 10389  func (c *Organizations) ListHandshakesForAccountPagesWithContext(ctx aws.Context, input *ListHandshakesForAccountInput, fn func(*ListHandshakesForAccountOutput, bool) bool, opts ...request.Option) error {
 10390  	p := request.Pagination{
 10391  		NewRequest: func() (*request.Request, error) {
 10392  			var inCpy *ListHandshakesForAccountInput
 10393  			if input != nil {
 10394  				tmp := *input
 10395  				inCpy = &tmp
 10396  			}
 10397  			req, _ := c.ListHandshakesForAccountRequest(inCpy)
 10398  			req.SetContext(ctx)
 10399  			req.ApplyOptions(opts...)
 10400  			return req, nil
 10401  		},
 10402  	}
 10403  
 10404  	for p.Next() {
 10405  		if !fn(p.Page().(*ListHandshakesForAccountOutput), !p.HasNextPage()) {
 10406  			break
 10407  		}
 10408  	}
 10409  
 10410  	return p.Err()
 10411  }
 10412  
 10413  const opListHandshakesForOrganization = "ListHandshakesForOrganization"
 10414  
 10415  // ListHandshakesForOrganizationRequest generates a "aws/request.Request" representing the
 10416  // client's request for the ListHandshakesForOrganization operation. The "output" return
 10417  // value will be populated with the request's response once the request completes
 10418  // successfully.
 10419  //
 10420  // Use "Send" method on the returned Request to send the API call to the service.
 10421  // the "output" return value is not valid until after Send returns without error.
 10422  //
 10423  // See ListHandshakesForOrganization for more information on using the ListHandshakesForOrganization
 10424  // API call, and error handling.
 10425  //
 10426  // This method is useful when you want to inject custom logic or configuration
 10427  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 10428  //
 10429  //
 10430  //    // Example sending a request using the ListHandshakesForOrganizationRequest method.
 10431  //    req, resp := client.ListHandshakesForOrganizationRequest(params)
 10432  //
 10433  //    err := req.Send()
 10434  //    if err == nil { // resp is now filled
 10435  //        fmt.Println(resp)
 10436  //    }
 10437  //
 10438  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
 10439  func (c *Organizations) ListHandshakesForOrganizationRequest(input *ListHandshakesForOrganizationInput) (req *request.Request, output *ListHandshakesForOrganizationOutput) {
 10440  	op := &request.Operation{
 10441  		Name:       opListHandshakesForOrganization,
 10442  		HTTPMethod: "POST",
 10443  		HTTPPath:   "/",
 10444  		Paginator: &request.Paginator{
 10445  			InputTokens:     []string{"NextToken"},
 10446  			OutputTokens:    []string{"NextToken"},
 10447  			LimitToken:      "MaxResults",
 10448  			TruncationToken: "",
 10449  		},
 10450  	}
 10451  
 10452  	if input == nil {
 10453  		input = &ListHandshakesForOrganizationInput{}
 10454  	}
 10455  
 10456  	output = &ListHandshakesForOrganizationOutput{}
 10457  	req = c.newRequest(op, input, output)
 10458  	return
 10459  }
 10460  
 10461  // ListHandshakesForOrganization API operation for AWS Organizations.
 10462  //
 10463  // Lists the handshakes that are associated with the organization that the requesting
 10464  // user is part of. The ListHandshakesForOrganization operation returns a list
 10465  // of handshake structures. Each structure contains details and status about
 10466  // a handshake.
 10467  //
 10468  // Handshakes that are ACCEPTED, DECLINED, or CANCELED appear in the results
 10469  // of this API for only 30 days after changing to that state. After that, they're
 10470  // deleted and no longer accessible.
 10471  //
 10472  // Always check the NextToken response parameter for a null value when calling
 10473  // a List* operation. These operations can occasionally return an empty set
 10474  // of results even when there are more results available. The NextToken response
 10475  // parameter value is null only when there are no more results to display.
 10476  //
 10477  // This operation can be called only from the organization's management account
 10478  // or by a member account that is a delegated administrator for an AWS service.
 10479  //
 10480  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 10481  // with awserr.Error's Code and Message methods to get detailed information about
 10482  // the error.
 10483  //
 10484  // See the AWS API reference guide for AWS Organizations's
 10485  // API operation ListHandshakesForOrganization for usage and error information.
 10486  //
 10487  // Returned Error Types:
 10488  //   * AccessDeniedException
 10489  //   You don't have permissions to perform the requested operation. The user or
 10490  //   role that is making the request must have at least one IAM permissions policy
 10491  //   attached that grants the required permissions. For more information, see
 10492  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 10493  //   in the IAM User Guide.
 10494  //
 10495  //   * AWSOrganizationsNotInUseException
 10496  //   Your account isn't a member of an organization. To make this request, you
 10497  //   must use the credentials of an account that belongs to an organization.
 10498  //
 10499  //   * ConcurrentModificationException
 10500  //   The target of the operation is currently being modified by a different request.
 10501  //   Try again later.
 10502  //
 10503  //   * InvalidInputException
 10504  //   The requested operation failed because you provided invalid values for one
 10505  //   or more of the request parameters. This exception includes a reason that
 10506  //   contains additional information about the violated limit:
 10507  //
 10508  //   Some of the reasons in the following list might not be applicable to this
 10509  //   specific API or operation.
 10510  //
 10511  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 10512  //      the same entity.
 10513  //
 10514  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 10515  //      can't be modified.
 10516  //
 10517  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 10518  //
 10519  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 10520  //      for the invited account owner.
 10521  //
 10522  //      * INVALID_ENUM: You specified an invalid value.
 10523  //
 10524  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 10525  //
 10526  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 10527  //      characters.
 10528  //
 10529  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 10530  //      at least one invalid value.
 10531  //
 10532  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 10533  //      from the response to a previous call of the operation.
 10534  //
 10535  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 10536  //      organization, or email) as a party.
 10537  //
 10538  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 10539  //      pattern.
 10540  //
 10541  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 10542  //      match the required pattern.
 10543  //
 10544  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 10545  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 10546  //
 10547  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 10548  //      Name (ARN) for the organization.
 10549  //
 10550  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 10551  //
 10552  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 10553  //      tag. You can’t add, edit, or delete system tag keys because they're
 10554  //      reserved for AWS use. System tags don’t count against your tags per
 10555  //      resource limit.
 10556  //
 10557  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 10558  //      for the operation.
 10559  //
 10560  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 10561  //      than allowed.
 10562  //
 10563  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 10564  //      value than allowed.
 10565  //
 10566  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 10567  //      than allowed.
 10568  //
 10569  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 10570  //      value than allowed.
 10571  //
 10572  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 10573  //      between entities in the same root.
 10574  //
 10575  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 10576  //      target entity.
 10577  //
 10578  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 10579  //      isn't recognized.
 10580  //
 10581  //   * ServiceException
 10582  //   AWS Organizations can't complete your request because of an internal service
 10583  //   error. Try again later.
 10584  //
 10585  //   * TooManyRequestsException
 10586  //   You have sent too many requests in too short a period of time. The quota
 10587  //   helps protect against denial-of-service attacks. Try again later.
 10588  //
 10589  //   For information about quotas that affect AWS Organizations, see Quotas for
 10590  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 10591  //   the AWS Organizations User Guide.
 10592  //
 10593  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListHandshakesForOrganization
 10594  func (c *Organizations) ListHandshakesForOrganization(input *ListHandshakesForOrganizationInput) (*ListHandshakesForOrganizationOutput, error) {
 10595  	req, out := c.ListHandshakesForOrganizationRequest(input)
 10596  	return out, req.Send()
 10597  }
 10598  
 10599  // ListHandshakesForOrganizationWithContext is the same as ListHandshakesForOrganization with the addition of
 10600  // the ability to pass a context and additional request options.
 10601  //
 10602  // See ListHandshakesForOrganization for details on how to use this API operation.
 10603  //
 10604  // The context must be non-nil and will be used for request cancellation. If
 10605  // the context is nil a panic will occur. In the future the SDK may create
 10606  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10607  // for more information on using Contexts.
 10608  func (c *Organizations) ListHandshakesForOrganizationWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, opts ...request.Option) (*ListHandshakesForOrganizationOutput, error) {
 10609  	req, out := c.ListHandshakesForOrganizationRequest(input)
 10610  	req.SetContext(ctx)
 10611  	req.ApplyOptions(opts...)
 10612  	return out, req.Send()
 10613  }
 10614  
 10615  // ListHandshakesForOrganizationPages iterates over the pages of a ListHandshakesForOrganization operation,
 10616  // calling the "fn" function with the response data for each page. To stop
 10617  // iterating, return false from the fn function.
 10618  //
 10619  // See ListHandshakesForOrganization method for more information on how to use this operation.
 10620  //
 10621  // Note: This operation can generate multiple requests to a service.
 10622  //
 10623  //    // Example iterating over at most 3 pages of a ListHandshakesForOrganization operation.
 10624  //    pageNum := 0
 10625  //    err := client.ListHandshakesForOrganizationPages(params,
 10626  //        func(page *organizations.ListHandshakesForOrganizationOutput, lastPage bool) bool {
 10627  //            pageNum++
 10628  //            fmt.Println(page)
 10629  //            return pageNum <= 3
 10630  //        })
 10631  //
 10632  func (c *Organizations) ListHandshakesForOrganizationPages(input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool) error {
 10633  	return c.ListHandshakesForOrganizationPagesWithContext(aws.BackgroundContext(), input, fn)
 10634  }
 10635  
 10636  // ListHandshakesForOrganizationPagesWithContext same as ListHandshakesForOrganizationPages except
 10637  // it takes a Context and allows setting request options on the pages.
 10638  //
 10639  // The context must be non-nil and will be used for request cancellation. If
 10640  // the context is nil a panic will occur. In the future the SDK may create
 10641  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10642  // for more information on using Contexts.
 10643  func (c *Organizations) ListHandshakesForOrganizationPagesWithContext(ctx aws.Context, input *ListHandshakesForOrganizationInput, fn func(*ListHandshakesForOrganizationOutput, bool) bool, opts ...request.Option) error {
 10644  	p := request.Pagination{
 10645  		NewRequest: func() (*request.Request, error) {
 10646  			var inCpy *ListHandshakesForOrganizationInput
 10647  			if input != nil {
 10648  				tmp := *input
 10649  				inCpy = &tmp
 10650  			}
 10651  			req, _ := c.ListHandshakesForOrganizationRequest(inCpy)
 10652  			req.SetContext(ctx)
 10653  			req.ApplyOptions(opts...)
 10654  			return req, nil
 10655  		},
 10656  	}
 10657  
 10658  	for p.Next() {
 10659  		if !fn(p.Page().(*ListHandshakesForOrganizationOutput), !p.HasNextPage()) {
 10660  			break
 10661  		}
 10662  	}
 10663  
 10664  	return p.Err()
 10665  }
 10666  
 10667  const opListOrganizationalUnitsForParent = "ListOrganizationalUnitsForParent"
 10668  
 10669  // ListOrganizationalUnitsForParentRequest generates a "aws/request.Request" representing the
 10670  // client's request for the ListOrganizationalUnitsForParent operation. The "output" return
 10671  // value will be populated with the request's response once the request completes
 10672  // successfully.
 10673  //
 10674  // Use "Send" method on the returned Request to send the API call to the service.
 10675  // the "output" return value is not valid until after Send returns without error.
 10676  //
 10677  // See ListOrganizationalUnitsForParent for more information on using the ListOrganizationalUnitsForParent
 10678  // API call, and error handling.
 10679  //
 10680  // This method is useful when you want to inject custom logic or configuration
 10681  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 10682  //
 10683  //
 10684  //    // Example sending a request using the ListOrganizationalUnitsForParentRequest method.
 10685  //    req, resp := client.ListOrganizationalUnitsForParentRequest(params)
 10686  //
 10687  //    err := req.Send()
 10688  //    if err == nil { // resp is now filled
 10689  //        fmt.Println(resp)
 10690  //    }
 10691  //
 10692  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
 10693  func (c *Organizations) ListOrganizationalUnitsForParentRequest(input *ListOrganizationalUnitsForParentInput) (req *request.Request, output *ListOrganizationalUnitsForParentOutput) {
 10694  	op := &request.Operation{
 10695  		Name:       opListOrganizationalUnitsForParent,
 10696  		HTTPMethod: "POST",
 10697  		HTTPPath:   "/",
 10698  		Paginator: &request.Paginator{
 10699  			InputTokens:     []string{"NextToken"},
 10700  			OutputTokens:    []string{"NextToken"},
 10701  			LimitToken:      "MaxResults",
 10702  			TruncationToken: "",
 10703  		},
 10704  	}
 10705  
 10706  	if input == nil {
 10707  		input = &ListOrganizationalUnitsForParentInput{}
 10708  	}
 10709  
 10710  	output = &ListOrganizationalUnitsForParentOutput{}
 10711  	req = c.newRequest(op, input, output)
 10712  	return
 10713  }
 10714  
 10715  // ListOrganizationalUnitsForParent API operation for AWS Organizations.
 10716  //
 10717  // Lists the organizational units (OUs) in a parent organizational unit or root.
 10718  //
 10719  // Always check the NextToken response parameter for a null value when calling
 10720  // a List* operation. These operations can occasionally return an empty set
 10721  // of results even when there are more results available. The NextToken response
 10722  // parameter value is null only when there are no more results to display.
 10723  //
 10724  // This operation can be called only from the organization's management account
 10725  // or by a member account that is a delegated administrator for an AWS service.
 10726  //
 10727  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 10728  // with awserr.Error's Code and Message methods to get detailed information about
 10729  // the error.
 10730  //
 10731  // See the AWS API reference guide for AWS Organizations's
 10732  // API operation ListOrganizationalUnitsForParent for usage and error information.
 10733  //
 10734  // Returned Error Types:
 10735  //   * AccessDeniedException
 10736  //   You don't have permissions to perform the requested operation. The user or
 10737  //   role that is making the request must have at least one IAM permissions policy
 10738  //   attached that grants the required permissions. For more information, see
 10739  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 10740  //   in the IAM User Guide.
 10741  //
 10742  //   * AWSOrganizationsNotInUseException
 10743  //   Your account isn't a member of an organization. To make this request, you
 10744  //   must use the credentials of an account that belongs to an organization.
 10745  //
 10746  //   * InvalidInputException
 10747  //   The requested operation failed because you provided invalid values for one
 10748  //   or more of the request parameters. This exception includes a reason that
 10749  //   contains additional information about the violated limit:
 10750  //
 10751  //   Some of the reasons in the following list might not be applicable to this
 10752  //   specific API or operation.
 10753  //
 10754  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 10755  //      the same entity.
 10756  //
 10757  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 10758  //      can't be modified.
 10759  //
 10760  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 10761  //
 10762  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 10763  //      for the invited account owner.
 10764  //
 10765  //      * INVALID_ENUM: You specified an invalid value.
 10766  //
 10767  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 10768  //
 10769  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 10770  //      characters.
 10771  //
 10772  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 10773  //      at least one invalid value.
 10774  //
 10775  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 10776  //      from the response to a previous call of the operation.
 10777  //
 10778  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 10779  //      organization, or email) as a party.
 10780  //
 10781  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 10782  //      pattern.
 10783  //
 10784  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 10785  //      match the required pattern.
 10786  //
 10787  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 10788  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 10789  //
 10790  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 10791  //      Name (ARN) for the organization.
 10792  //
 10793  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 10794  //
 10795  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 10796  //      tag. You can’t add, edit, or delete system tag keys because they're
 10797  //      reserved for AWS use. System tags don’t count against your tags per
 10798  //      resource limit.
 10799  //
 10800  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 10801  //      for the operation.
 10802  //
 10803  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 10804  //      than allowed.
 10805  //
 10806  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 10807  //      value than allowed.
 10808  //
 10809  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 10810  //      than allowed.
 10811  //
 10812  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 10813  //      value than allowed.
 10814  //
 10815  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 10816  //      between entities in the same root.
 10817  //
 10818  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 10819  //      target entity.
 10820  //
 10821  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 10822  //      isn't recognized.
 10823  //
 10824  //   * ParentNotFoundException
 10825  //   We can't find a root or OU with the ParentId that you specified.
 10826  //
 10827  //   * ServiceException
 10828  //   AWS Organizations can't complete your request because of an internal service
 10829  //   error. Try again later.
 10830  //
 10831  //   * TooManyRequestsException
 10832  //   You have sent too many requests in too short a period of time. The quota
 10833  //   helps protect against denial-of-service attacks. Try again later.
 10834  //
 10835  //   For information about quotas that affect AWS Organizations, see Quotas for
 10836  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 10837  //   the AWS Organizations User Guide.
 10838  //
 10839  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListOrganizationalUnitsForParent
 10840  func (c *Organizations) ListOrganizationalUnitsForParent(input *ListOrganizationalUnitsForParentInput) (*ListOrganizationalUnitsForParentOutput, error) {
 10841  	req, out := c.ListOrganizationalUnitsForParentRequest(input)
 10842  	return out, req.Send()
 10843  }
 10844  
 10845  // ListOrganizationalUnitsForParentWithContext is the same as ListOrganizationalUnitsForParent with the addition of
 10846  // the ability to pass a context and additional request options.
 10847  //
 10848  // See ListOrganizationalUnitsForParent for details on how to use this API operation.
 10849  //
 10850  // The context must be non-nil and will be used for request cancellation. If
 10851  // the context is nil a panic will occur. In the future the SDK may create
 10852  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10853  // for more information on using Contexts.
 10854  func (c *Organizations) ListOrganizationalUnitsForParentWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, opts ...request.Option) (*ListOrganizationalUnitsForParentOutput, error) {
 10855  	req, out := c.ListOrganizationalUnitsForParentRequest(input)
 10856  	req.SetContext(ctx)
 10857  	req.ApplyOptions(opts...)
 10858  	return out, req.Send()
 10859  }
 10860  
 10861  // ListOrganizationalUnitsForParentPages iterates over the pages of a ListOrganizationalUnitsForParent operation,
 10862  // calling the "fn" function with the response data for each page. To stop
 10863  // iterating, return false from the fn function.
 10864  //
 10865  // See ListOrganizationalUnitsForParent method for more information on how to use this operation.
 10866  //
 10867  // Note: This operation can generate multiple requests to a service.
 10868  //
 10869  //    // Example iterating over at most 3 pages of a ListOrganizationalUnitsForParent operation.
 10870  //    pageNum := 0
 10871  //    err := client.ListOrganizationalUnitsForParentPages(params,
 10872  //        func(page *organizations.ListOrganizationalUnitsForParentOutput, lastPage bool) bool {
 10873  //            pageNum++
 10874  //            fmt.Println(page)
 10875  //            return pageNum <= 3
 10876  //        })
 10877  //
 10878  func (c *Organizations) ListOrganizationalUnitsForParentPages(input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool) error {
 10879  	return c.ListOrganizationalUnitsForParentPagesWithContext(aws.BackgroundContext(), input, fn)
 10880  }
 10881  
 10882  // ListOrganizationalUnitsForParentPagesWithContext same as ListOrganizationalUnitsForParentPages except
 10883  // it takes a Context and allows setting request options on the pages.
 10884  //
 10885  // The context must be non-nil and will be used for request cancellation. If
 10886  // the context is nil a panic will occur. In the future the SDK may create
 10887  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 10888  // for more information on using Contexts.
 10889  func (c *Organizations) ListOrganizationalUnitsForParentPagesWithContext(ctx aws.Context, input *ListOrganizationalUnitsForParentInput, fn func(*ListOrganizationalUnitsForParentOutput, bool) bool, opts ...request.Option) error {
 10890  	p := request.Pagination{
 10891  		NewRequest: func() (*request.Request, error) {
 10892  			var inCpy *ListOrganizationalUnitsForParentInput
 10893  			if input != nil {
 10894  				tmp := *input
 10895  				inCpy = &tmp
 10896  			}
 10897  			req, _ := c.ListOrganizationalUnitsForParentRequest(inCpy)
 10898  			req.SetContext(ctx)
 10899  			req.ApplyOptions(opts...)
 10900  			return req, nil
 10901  		},
 10902  	}
 10903  
 10904  	for p.Next() {
 10905  		if !fn(p.Page().(*ListOrganizationalUnitsForParentOutput), !p.HasNextPage()) {
 10906  			break
 10907  		}
 10908  	}
 10909  
 10910  	return p.Err()
 10911  }
 10912  
 10913  const opListParents = "ListParents"
 10914  
 10915  // ListParentsRequest generates a "aws/request.Request" representing the
 10916  // client's request for the ListParents operation. The "output" return
 10917  // value will be populated with the request's response once the request completes
 10918  // successfully.
 10919  //
 10920  // Use "Send" method on the returned Request to send the API call to the service.
 10921  // the "output" return value is not valid until after Send returns without error.
 10922  //
 10923  // See ListParents for more information on using the ListParents
 10924  // API call, and error handling.
 10925  //
 10926  // This method is useful when you want to inject custom logic or configuration
 10927  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 10928  //
 10929  //
 10930  //    // Example sending a request using the ListParentsRequest method.
 10931  //    req, resp := client.ListParentsRequest(params)
 10932  //
 10933  //    err := req.Send()
 10934  //    if err == nil { // resp is now filled
 10935  //        fmt.Println(resp)
 10936  //    }
 10937  //
 10938  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
 10939  func (c *Organizations) ListParentsRequest(input *ListParentsInput) (req *request.Request, output *ListParentsOutput) {
 10940  	op := &request.Operation{
 10941  		Name:       opListParents,
 10942  		HTTPMethod: "POST",
 10943  		HTTPPath:   "/",
 10944  		Paginator: &request.Paginator{
 10945  			InputTokens:     []string{"NextToken"},
 10946  			OutputTokens:    []string{"NextToken"},
 10947  			LimitToken:      "MaxResults",
 10948  			TruncationToken: "",
 10949  		},
 10950  	}
 10951  
 10952  	if input == nil {
 10953  		input = &ListParentsInput{}
 10954  	}
 10955  
 10956  	output = &ListParentsOutput{}
 10957  	req = c.newRequest(op, input, output)
 10958  	return
 10959  }
 10960  
 10961  // ListParents API operation for AWS Organizations.
 10962  //
 10963  // Lists the root or organizational units (OUs) that serve as the immediate
 10964  // parent of the specified child OU or account. This operation, along with ListChildren
 10965  // enables you to traverse the tree structure that makes up this root.
 10966  //
 10967  // Always check the NextToken response parameter for a null value when calling
 10968  // a List* operation. These operations can occasionally return an empty set
 10969  // of results even when there are more results available. The NextToken response
 10970  // parameter value is null only when there are no more results to display.
 10971  //
 10972  // This operation can be called only from the organization's management account
 10973  // or by a member account that is a delegated administrator for an AWS service.
 10974  //
 10975  // In the current release, a child can have only a single parent.
 10976  //
 10977  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 10978  // with awserr.Error's Code and Message methods to get detailed information about
 10979  // the error.
 10980  //
 10981  // See the AWS API reference guide for AWS Organizations's
 10982  // API operation ListParents for usage and error information.
 10983  //
 10984  // Returned Error Types:
 10985  //   * AccessDeniedException
 10986  //   You don't have permissions to perform the requested operation. The user or
 10987  //   role that is making the request must have at least one IAM permissions policy
 10988  //   attached that grants the required permissions. For more information, see
 10989  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 10990  //   in the IAM User Guide.
 10991  //
 10992  //   * AWSOrganizationsNotInUseException
 10993  //   Your account isn't a member of an organization. To make this request, you
 10994  //   must use the credentials of an account that belongs to an organization.
 10995  //
 10996  //   * ChildNotFoundException
 10997  //   We can't find an organizational unit (OU) or AWS account with the ChildId
 10998  //   that you specified.
 10999  //
 11000  //   * InvalidInputException
 11001  //   The requested operation failed because you provided invalid values for one
 11002  //   or more of the request parameters. This exception includes a reason that
 11003  //   contains additional information about the violated limit:
 11004  //
 11005  //   Some of the reasons in the following list might not be applicable to this
 11006  //   specific API or operation.
 11007  //
 11008  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 11009  //      the same entity.
 11010  //
 11011  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 11012  //      can't be modified.
 11013  //
 11014  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 11015  //
 11016  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 11017  //      for the invited account owner.
 11018  //
 11019  //      * INVALID_ENUM: You specified an invalid value.
 11020  //
 11021  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 11022  //
 11023  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 11024  //      characters.
 11025  //
 11026  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 11027  //      at least one invalid value.
 11028  //
 11029  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 11030  //      from the response to a previous call of the operation.
 11031  //
 11032  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 11033  //      organization, or email) as a party.
 11034  //
 11035  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 11036  //      pattern.
 11037  //
 11038  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 11039  //      match the required pattern.
 11040  //
 11041  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 11042  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 11043  //
 11044  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 11045  //      Name (ARN) for the organization.
 11046  //
 11047  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 11048  //
 11049  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 11050  //      tag. You can’t add, edit, or delete system tag keys because they're
 11051  //      reserved for AWS use. System tags don’t count against your tags per
 11052  //      resource limit.
 11053  //
 11054  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 11055  //      for the operation.
 11056  //
 11057  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 11058  //      than allowed.
 11059  //
 11060  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 11061  //      value than allowed.
 11062  //
 11063  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 11064  //      than allowed.
 11065  //
 11066  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 11067  //      value than allowed.
 11068  //
 11069  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 11070  //      between entities in the same root.
 11071  //
 11072  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 11073  //      target entity.
 11074  //
 11075  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 11076  //      isn't recognized.
 11077  //
 11078  //   * ServiceException
 11079  //   AWS Organizations can't complete your request because of an internal service
 11080  //   error. Try again later.
 11081  //
 11082  //   * TooManyRequestsException
 11083  //   You have sent too many requests in too short a period of time. The quota
 11084  //   helps protect against denial-of-service attacks. Try again later.
 11085  //
 11086  //   For information about quotas that affect AWS Organizations, see Quotas for
 11087  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 11088  //   the AWS Organizations User Guide.
 11089  //
 11090  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListParents
 11091  func (c *Organizations) ListParents(input *ListParentsInput) (*ListParentsOutput, error) {
 11092  	req, out := c.ListParentsRequest(input)
 11093  	return out, req.Send()
 11094  }
 11095  
 11096  // ListParentsWithContext is the same as ListParents with the addition of
 11097  // the ability to pass a context and additional request options.
 11098  //
 11099  // See ListParents for details on how to use this API operation.
 11100  //
 11101  // The context must be non-nil and will be used for request cancellation. If
 11102  // the context is nil a panic will occur. In the future the SDK may create
 11103  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11104  // for more information on using Contexts.
 11105  func (c *Organizations) ListParentsWithContext(ctx aws.Context, input *ListParentsInput, opts ...request.Option) (*ListParentsOutput, error) {
 11106  	req, out := c.ListParentsRequest(input)
 11107  	req.SetContext(ctx)
 11108  	req.ApplyOptions(opts...)
 11109  	return out, req.Send()
 11110  }
 11111  
 11112  // ListParentsPages iterates over the pages of a ListParents operation,
 11113  // calling the "fn" function with the response data for each page. To stop
 11114  // iterating, return false from the fn function.
 11115  //
 11116  // See ListParents method for more information on how to use this operation.
 11117  //
 11118  // Note: This operation can generate multiple requests to a service.
 11119  //
 11120  //    // Example iterating over at most 3 pages of a ListParents operation.
 11121  //    pageNum := 0
 11122  //    err := client.ListParentsPages(params,
 11123  //        func(page *organizations.ListParentsOutput, lastPage bool) bool {
 11124  //            pageNum++
 11125  //            fmt.Println(page)
 11126  //            return pageNum <= 3
 11127  //        })
 11128  //
 11129  func (c *Organizations) ListParentsPages(input *ListParentsInput, fn func(*ListParentsOutput, bool) bool) error {
 11130  	return c.ListParentsPagesWithContext(aws.BackgroundContext(), input, fn)
 11131  }
 11132  
 11133  // ListParentsPagesWithContext same as ListParentsPages except
 11134  // it takes a Context and allows setting request options on the pages.
 11135  //
 11136  // The context must be non-nil and will be used for request cancellation. If
 11137  // the context is nil a panic will occur. In the future the SDK may create
 11138  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11139  // for more information on using Contexts.
 11140  func (c *Organizations) ListParentsPagesWithContext(ctx aws.Context, input *ListParentsInput, fn func(*ListParentsOutput, bool) bool, opts ...request.Option) error {
 11141  	p := request.Pagination{
 11142  		NewRequest: func() (*request.Request, error) {
 11143  			var inCpy *ListParentsInput
 11144  			if input != nil {
 11145  				tmp := *input
 11146  				inCpy = &tmp
 11147  			}
 11148  			req, _ := c.ListParentsRequest(inCpy)
 11149  			req.SetContext(ctx)
 11150  			req.ApplyOptions(opts...)
 11151  			return req, nil
 11152  		},
 11153  	}
 11154  
 11155  	for p.Next() {
 11156  		if !fn(p.Page().(*ListParentsOutput), !p.HasNextPage()) {
 11157  			break
 11158  		}
 11159  	}
 11160  
 11161  	return p.Err()
 11162  }
 11163  
 11164  const opListPolicies = "ListPolicies"
 11165  
 11166  // ListPoliciesRequest generates a "aws/request.Request" representing the
 11167  // client's request for the ListPolicies operation. The "output" return
 11168  // value will be populated with the request's response once the request completes
 11169  // successfully.
 11170  //
 11171  // Use "Send" method on the returned Request to send the API call to the service.
 11172  // the "output" return value is not valid until after Send returns without error.
 11173  //
 11174  // See ListPolicies for more information on using the ListPolicies
 11175  // API call, and error handling.
 11176  //
 11177  // This method is useful when you want to inject custom logic or configuration
 11178  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 11179  //
 11180  //
 11181  //    // Example sending a request using the ListPoliciesRequest method.
 11182  //    req, resp := client.ListPoliciesRequest(params)
 11183  //
 11184  //    err := req.Send()
 11185  //    if err == nil { // resp is now filled
 11186  //        fmt.Println(resp)
 11187  //    }
 11188  //
 11189  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
 11190  func (c *Organizations) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) {
 11191  	op := &request.Operation{
 11192  		Name:       opListPolicies,
 11193  		HTTPMethod: "POST",
 11194  		HTTPPath:   "/",
 11195  		Paginator: &request.Paginator{
 11196  			InputTokens:     []string{"NextToken"},
 11197  			OutputTokens:    []string{"NextToken"},
 11198  			LimitToken:      "MaxResults",
 11199  			TruncationToken: "",
 11200  		},
 11201  	}
 11202  
 11203  	if input == nil {
 11204  		input = &ListPoliciesInput{}
 11205  	}
 11206  
 11207  	output = &ListPoliciesOutput{}
 11208  	req = c.newRequest(op, input, output)
 11209  	return
 11210  }
 11211  
 11212  // ListPolicies API operation for AWS Organizations.
 11213  //
 11214  // Retrieves the list of all policies in an organization of a specified type.
 11215  //
 11216  // Always check the NextToken response parameter for a null value when calling
 11217  // a List* operation. These operations can occasionally return an empty set
 11218  // of results even when there are more results available. The NextToken response
 11219  // parameter value is null only when there are no more results to display.
 11220  //
 11221  // This operation can be called only from the organization's management account
 11222  // or by a member account that is a delegated administrator for an AWS service.
 11223  //
 11224  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 11225  // with awserr.Error's Code and Message methods to get detailed information about
 11226  // the error.
 11227  //
 11228  // See the AWS API reference guide for AWS Organizations's
 11229  // API operation ListPolicies for usage and error information.
 11230  //
 11231  // Returned Error Types:
 11232  //   * AccessDeniedException
 11233  //   You don't have permissions to perform the requested operation. The user or
 11234  //   role that is making the request must have at least one IAM permissions policy
 11235  //   attached that grants the required permissions. For more information, see
 11236  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 11237  //   in the IAM User Guide.
 11238  //
 11239  //   * AWSOrganizationsNotInUseException
 11240  //   Your account isn't a member of an organization. To make this request, you
 11241  //   must use the credentials of an account that belongs to an organization.
 11242  //
 11243  //   * InvalidInputException
 11244  //   The requested operation failed because you provided invalid values for one
 11245  //   or more of the request parameters. This exception includes a reason that
 11246  //   contains additional information about the violated limit:
 11247  //
 11248  //   Some of the reasons in the following list might not be applicable to this
 11249  //   specific API or operation.
 11250  //
 11251  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 11252  //      the same entity.
 11253  //
 11254  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 11255  //      can't be modified.
 11256  //
 11257  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 11258  //
 11259  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 11260  //      for the invited account owner.
 11261  //
 11262  //      * INVALID_ENUM: You specified an invalid value.
 11263  //
 11264  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 11265  //
 11266  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 11267  //      characters.
 11268  //
 11269  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 11270  //      at least one invalid value.
 11271  //
 11272  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 11273  //      from the response to a previous call of the operation.
 11274  //
 11275  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 11276  //      organization, or email) as a party.
 11277  //
 11278  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 11279  //      pattern.
 11280  //
 11281  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 11282  //      match the required pattern.
 11283  //
 11284  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 11285  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 11286  //
 11287  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 11288  //      Name (ARN) for the organization.
 11289  //
 11290  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 11291  //
 11292  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 11293  //      tag. You can’t add, edit, or delete system tag keys because they're
 11294  //      reserved for AWS use. System tags don’t count against your tags per
 11295  //      resource limit.
 11296  //
 11297  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 11298  //      for the operation.
 11299  //
 11300  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 11301  //      than allowed.
 11302  //
 11303  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 11304  //      value than allowed.
 11305  //
 11306  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 11307  //      than allowed.
 11308  //
 11309  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 11310  //      value than allowed.
 11311  //
 11312  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 11313  //      between entities in the same root.
 11314  //
 11315  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 11316  //      target entity.
 11317  //
 11318  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 11319  //      isn't recognized.
 11320  //
 11321  //   * ServiceException
 11322  //   AWS Organizations can't complete your request because of an internal service
 11323  //   error. Try again later.
 11324  //
 11325  //   * TooManyRequestsException
 11326  //   You have sent too many requests in too short a period of time. The quota
 11327  //   helps protect against denial-of-service attacks. Try again later.
 11328  //
 11329  //   For information about quotas that affect AWS Organizations, see Quotas for
 11330  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 11331  //   the AWS Organizations User Guide.
 11332  //
 11333  //   * UnsupportedAPIEndpointException
 11334  //   This action isn't available in the current AWS Region.
 11335  //
 11336  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPolicies
 11337  func (c *Organizations) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) {
 11338  	req, out := c.ListPoliciesRequest(input)
 11339  	return out, req.Send()
 11340  }
 11341  
 11342  // ListPoliciesWithContext is the same as ListPolicies with the addition of
 11343  // the ability to pass a context and additional request options.
 11344  //
 11345  // See ListPolicies for details on how to use this API operation.
 11346  //
 11347  // The context must be non-nil and will be used for request cancellation. If
 11348  // the context is nil a panic will occur. In the future the SDK may create
 11349  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11350  // for more information on using Contexts.
 11351  func (c *Organizations) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) {
 11352  	req, out := c.ListPoliciesRequest(input)
 11353  	req.SetContext(ctx)
 11354  	req.ApplyOptions(opts...)
 11355  	return out, req.Send()
 11356  }
 11357  
 11358  // ListPoliciesPages iterates over the pages of a ListPolicies operation,
 11359  // calling the "fn" function with the response data for each page. To stop
 11360  // iterating, return false from the fn function.
 11361  //
 11362  // See ListPolicies method for more information on how to use this operation.
 11363  //
 11364  // Note: This operation can generate multiple requests to a service.
 11365  //
 11366  //    // Example iterating over at most 3 pages of a ListPolicies operation.
 11367  //    pageNum := 0
 11368  //    err := client.ListPoliciesPages(params,
 11369  //        func(page *organizations.ListPoliciesOutput, lastPage bool) bool {
 11370  //            pageNum++
 11371  //            fmt.Println(page)
 11372  //            return pageNum <= 3
 11373  //        })
 11374  //
 11375  func (c *Organizations) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error {
 11376  	return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
 11377  }
 11378  
 11379  // ListPoliciesPagesWithContext same as ListPoliciesPages except
 11380  // it takes a Context and allows setting request options on the pages.
 11381  //
 11382  // The context must be non-nil and will be used for request cancellation. If
 11383  // the context is nil a panic will occur. In the future the SDK may create
 11384  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11385  // for more information on using Contexts.
 11386  func (c *Organizations) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error {
 11387  	p := request.Pagination{
 11388  		NewRequest: func() (*request.Request, error) {
 11389  			var inCpy *ListPoliciesInput
 11390  			if input != nil {
 11391  				tmp := *input
 11392  				inCpy = &tmp
 11393  			}
 11394  			req, _ := c.ListPoliciesRequest(inCpy)
 11395  			req.SetContext(ctx)
 11396  			req.ApplyOptions(opts...)
 11397  			return req, nil
 11398  		},
 11399  	}
 11400  
 11401  	for p.Next() {
 11402  		if !fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) {
 11403  			break
 11404  		}
 11405  	}
 11406  
 11407  	return p.Err()
 11408  }
 11409  
 11410  const opListPoliciesForTarget = "ListPoliciesForTarget"
 11411  
 11412  // ListPoliciesForTargetRequest generates a "aws/request.Request" representing the
 11413  // client's request for the ListPoliciesForTarget operation. The "output" return
 11414  // value will be populated with the request's response once the request completes
 11415  // successfully.
 11416  //
 11417  // Use "Send" method on the returned Request to send the API call to the service.
 11418  // the "output" return value is not valid until after Send returns without error.
 11419  //
 11420  // See ListPoliciesForTarget for more information on using the ListPoliciesForTarget
 11421  // API call, and error handling.
 11422  //
 11423  // This method is useful when you want to inject custom logic or configuration
 11424  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 11425  //
 11426  //
 11427  //    // Example sending a request using the ListPoliciesForTargetRequest method.
 11428  //    req, resp := client.ListPoliciesForTargetRequest(params)
 11429  //
 11430  //    err := req.Send()
 11431  //    if err == nil { // resp is now filled
 11432  //        fmt.Println(resp)
 11433  //    }
 11434  //
 11435  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
 11436  func (c *Organizations) ListPoliciesForTargetRequest(input *ListPoliciesForTargetInput) (req *request.Request, output *ListPoliciesForTargetOutput) {
 11437  	op := &request.Operation{
 11438  		Name:       opListPoliciesForTarget,
 11439  		HTTPMethod: "POST",
 11440  		HTTPPath:   "/",
 11441  		Paginator: &request.Paginator{
 11442  			InputTokens:     []string{"NextToken"},
 11443  			OutputTokens:    []string{"NextToken"},
 11444  			LimitToken:      "MaxResults",
 11445  			TruncationToken: "",
 11446  		},
 11447  	}
 11448  
 11449  	if input == nil {
 11450  		input = &ListPoliciesForTargetInput{}
 11451  	}
 11452  
 11453  	output = &ListPoliciesForTargetOutput{}
 11454  	req = c.newRequest(op, input, output)
 11455  	return
 11456  }
 11457  
 11458  // ListPoliciesForTarget API operation for AWS Organizations.
 11459  //
 11460  // Lists the policies that are directly attached to the specified target root,
 11461  // organizational unit (OU), or account. You must specify the policy type that
 11462  // you want included in the returned list.
 11463  //
 11464  // Always check the NextToken response parameter for a null value when calling
 11465  // a List* operation. These operations can occasionally return an empty set
 11466  // of results even when there are more results available. The NextToken response
 11467  // parameter value is null only when there are no more results to display.
 11468  //
 11469  // This operation can be called only from the organization's management account
 11470  // or by a member account that is a delegated administrator for an AWS service.
 11471  //
 11472  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 11473  // with awserr.Error's Code and Message methods to get detailed information about
 11474  // the error.
 11475  //
 11476  // See the AWS API reference guide for AWS Organizations's
 11477  // API operation ListPoliciesForTarget for usage and error information.
 11478  //
 11479  // Returned Error Types:
 11480  //   * AccessDeniedException
 11481  //   You don't have permissions to perform the requested operation. The user or
 11482  //   role that is making the request must have at least one IAM permissions policy
 11483  //   attached that grants the required permissions. For more information, see
 11484  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 11485  //   in the IAM User Guide.
 11486  //
 11487  //   * AWSOrganizationsNotInUseException
 11488  //   Your account isn't a member of an organization. To make this request, you
 11489  //   must use the credentials of an account that belongs to an organization.
 11490  //
 11491  //   * InvalidInputException
 11492  //   The requested operation failed because you provided invalid values for one
 11493  //   or more of the request parameters. This exception includes a reason that
 11494  //   contains additional information about the violated limit:
 11495  //
 11496  //   Some of the reasons in the following list might not be applicable to this
 11497  //   specific API or operation.
 11498  //
 11499  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 11500  //      the same entity.
 11501  //
 11502  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 11503  //      can't be modified.
 11504  //
 11505  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 11506  //
 11507  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 11508  //      for the invited account owner.
 11509  //
 11510  //      * INVALID_ENUM: You specified an invalid value.
 11511  //
 11512  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 11513  //
 11514  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 11515  //      characters.
 11516  //
 11517  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 11518  //      at least one invalid value.
 11519  //
 11520  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 11521  //      from the response to a previous call of the operation.
 11522  //
 11523  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 11524  //      organization, or email) as a party.
 11525  //
 11526  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 11527  //      pattern.
 11528  //
 11529  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 11530  //      match the required pattern.
 11531  //
 11532  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 11533  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 11534  //
 11535  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 11536  //      Name (ARN) for the organization.
 11537  //
 11538  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 11539  //
 11540  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 11541  //      tag. You can’t add, edit, or delete system tag keys because they're
 11542  //      reserved for AWS use. System tags don’t count against your tags per
 11543  //      resource limit.
 11544  //
 11545  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 11546  //      for the operation.
 11547  //
 11548  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 11549  //      than allowed.
 11550  //
 11551  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 11552  //      value than allowed.
 11553  //
 11554  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 11555  //      than allowed.
 11556  //
 11557  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 11558  //      value than allowed.
 11559  //
 11560  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 11561  //      between entities in the same root.
 11562  //
 11563  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 11564  //      target entity.
 11565  //
 11566  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 11567  //      isn't recognized.
 11568  //
 11569  //   * ServiceException
 11570  //   AWS Organizations can't complete your request because of an internal service
 11571  //   error. Try again later.
 11572  //
 11573  //   * TargetNotFoundException
 11574  //   We can't find a root, OU, account, or policy with the TargetId that you specified.
 11575  //
 11576  //   * TooManyRequestsException
 11577  //   You have sent too many requests in too short a period of time. The quota
 11578  //   helps protect against denial-of-service attacks. Try again later.
 11579  //
 11580  //   For information about quotas that affect AWS Organizations, see Quotas for
 11581  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 11582  //   the AWS Organizations User Guide.
 11583  //
 11584  //   * UnsupportedAPIEndpointException
 11585  //   This action isn't available in the current AWS Region.
 11586  //
 11587  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListPoliciesForTarget
 11588  func (c *Organizations) ListPoliciesForTarget(input *ListPoliciesForTargetInput) (*ListPoliciesForTargetOutput, error) {
 11589  	req, out := c.ListPoliciesForTargetRequest(input)
 11590  	return out, req.Send()
 11591  }
 11592  
 11593  // ListPoliciesForTargetWithContext is the same as ListPoliciesForTarget with the addition of
 11594  // the ability to pass a context and additional request options.
 11595  //
 11596  // See ListPoliciesForTarget for details on how to use this API operation.
 11597  //
 11598  // The context must be non-nil and will be used for request cancellation. If
 11599  // the context is nil a panic will occur. In the future the SDK may create
 11600  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11601  // for more information on using Contexts.
 11602  func (c *Organizations) ListPoliciesForTargetWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, opts ...request.Option) (*ListPoliciesForTargetOutput, error) {
 11603  	req, out := c.ListPoliciesForTargetRequest(input)
 11604  	req.SetContext(ctx)
 11605  	req.ApplyOptions(opts...)
 11606  	return out, req.Send()
 11607  }
 11608  
 11609  // ListPoliciesForTargetPages iterates over the pages of a ListPoliciesForTarget operation,
 11610  // calling the "fn" function with the response data for each page. To stop
 11611  // iterating, return false from the fn function.
 11612  //
 11613  // See ListPoliciesForTarget method for more information on how to use this operation.
 11614  //
 11615  // Note: This operation can generate multiple requests to a service.
 11616  //
 11617  //    // Example iterating over at most 3 pages of a ListPoliciesForTarget operation.
 11618  //    pageNum := 0
 11619  //    err := client.ListPoliciesForTargetPages(params,
 11620  //        func(page *organizations.ListPoliciesForTargetOutput, lastPage bool) bool {
 11621  //            pageNum++
 11622  //            fmt.Println(page)
 11623  //            return pageNum <= 3
 11624  //        })
 11625  //
 11626  func (c *Organizations) ListPoliciesForTargetPages(input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool) error {
 11627  	return c.ListPoliciesForTargetPagesWithContext(aws.BackgroundContext(), input, fn)
 11628  }
 11629  
 11630  // ListPoliciesForTargetPagesWithContext same as ListPoliciesForTargetPages except
 11631  // it takes a Context and allows setting request options on the pages.
 11632  //
 11633  // The context must be non-nil and will be used for request cancellation. If
 11634  // the context is nil a panic will occur. In the future the SDK may create
 11635  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11636  // for more information on using Contexts.
 11637  func (c *Organizations) ListPoliciesForTargetPagesWithContext(ctx aws.Context, input *ListPoliciesForTargetInput, fn func(*ListPoliciesForTargetOutput, bool) bool, opts ...request.Option) error {
 11638  	p := request.Pagination{
 11639  		NewRequest: func() (*request.Request, error) {
 11640  			var inCpy *ListPoliciesForTargetInput
 11641  			if input != nil {
 11642  				tmp := *input
 11643  				inCpy = &tmp
 11644  			}
 11645  			req, _ := c.ListPoliciesForTargetRequest(inCpy)
 11646  			req.SetContext(ctx)
 11647  			req.ApplyOptions(opts...)
 11648  			return req, nil
 11649  		},
 11650  	}
 11651  
 11652  	for p.Next() {
 11653  		if !fn(p.Page().(*ListPoliciesForTargetOutput), !p.HasNextPage()) {
 11654  			break
 11655  		}
 11656  	}
 11657  
 11658  	return p.Err()
 11659  }
 11660  
 11661  const opListRoots = "ListRoots"
 11662  
 11663  // ListRootsRequest generates a "aws/request.Request" representing the
 11664  // client's request for the ListRoots operation. The "output" return
 11665  // value will be populated with the request's response once the request completes
 11666  // successfully.
 11667  //
 11668  // Use "Send" method on the returned Request to send the API call to the service.
 11669  // the "output" return value is not valid until after Send returns without error.
 11670  //
 11671  // See ListRoots for more information on using the ListRoots
 11672  // API call, and error handling.
 11673  //
 11674  // This method is useful when you want to inject custom logic or configuration
 11675  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 11676  //
 11677  //
 11678  //    // Example sending a request using the ListRootsRequest method.
 11679  //    req, resp := client.ListRootsRequest(params)
 11680  //
 11681  //    err := req.Send()
 11682  //    if err == nil { // resp is now filled
 11683  //        fmt.Println(resp)
 11684  //    }
 11685  //
 11686  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
 11687  func (c *Organizations) ListRootsRequest(input *ListRootsInput) (req *request.Request, output *ListRootsOutput) {
 11688  	op := &request.Operation{
 11689  		Name:       opListRoots,
 11690  		HTTPMethod: "POST",
 11691  		HTTPPath:   "/",
 11692  		Paginator: &request.Paginator{
 11693  			InputTokens:     []string{"NextToken"},
 11694  			OutputTokens:    []string{"NextToken"},
 11695  			LimitToken:      "MaxResults",
 11696  			TruncationToken: "",
 11697  		},
 11698  	}
 11699  
 11700  	if input == nil {
 11701  		input = &ListRootsInput{}
 11702  	}
 11703  
 11704  	output = &ListRootsOutput{}
 11705  	req = c.newRequest(op, input, output)
 11706  	return
 11707  }
 11708  
 11709  // ListRoots API operation for AWS Organizations.
 11710  //
 11711  // Lists the roots that are defined in the current organization.
 11712  //
 11713  // Always check the NextToken response parameter for a null value when calling
 11714  // a List* operation. These operations can occasionally return an empty set
 11715  // of results even when there are more results available. The NextToken response
 11716  // parameter value is null only when there are no more results to display.
 11717  //
 11718  // This operation can be called only from the organization's management account
 11719  // or by a member account that is a delegated administrator for an AWS service.
 11720  //
 11721  // Policy types can be enabled and disabled in roots. This is distinct from
 11722  // whether they're available in the organization. When you enable all features,
 11723  // you make policy types available for use in that organization. Individual
 11724  // policy types can then be enabled and disabled in a root. To see the availability
 11725  // of a policy type in an organization, use DescribeOrganization.
 11726  //
 11727  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 11728  // with awserr.Error's Code and Message methods to get detailed information about
 11729  // the error.
 11730  //
 11731  // See the AWS API reference guide for AWS Organizations's
 11732  // API operation ListRoots for usage and error information.
 11733  //
 11734  // Returned Error Types:
 11735  //   * AccessDeniedException
 11736  //   You don't have permissions to perform the requested operation. The user or
 11737  //   role that is making the request must have at least one IAM permissions policy
 11738  //   attached that grants the required permissions. For more information, see
 11739  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 11740  //   in the IAM User Guide.
 11741  //
 11742  //   * AWSOrganizationsNotInUseException
 11743  //   Your account isn't a member of an organization. To make this request, you
 11744  //   must use the credentials of an account that belongs to an organization.
 11745  //
 11746  //   * InvalidInputException
 11747  //   The requested operation failed because you provided invalid values for one
 11748  //   or more of the request parameters. This exception includes a reason that
 11749  //   contains additional information about the violated limit:
 11750  //
 11751  //   Some of the reasons in the following list might not be applicable to this
 11752  //   specific API or operation.
 11753  //
 11754  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 11755  //      the same entity.
 11756  //
 11757  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 11758  //      can't be modified.
 11759  //
 11760  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 11761  //
 11762  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 11763  //      for the invited account owner.
 11764  //
 11765  //      * INVALID_ENUM: You specified an invalid value.
 11766  //
 11767  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 11768  //
 11769  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 11770  //      characters.
 11771  //
 11772  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 11773  //      at least one invalid value.
 11774  //
 11775  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 11776  //      from the response to a previous call of the operation.
 11777  //
 11778  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 11779  //      organization, or email) as a party.
 11780  //
 11781  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 11782  //      pattern.
 11783  //
 11784  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 11785  //      match the required pattern.
 11786  //
 11787  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 11788  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 11789  //
 11790  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 11791  //      Name (ARN) for the organization.
 11792  //
 11793  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 11794  //
 11795  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 11796  //      tag. You can’t add, edit, or delete system tag keys because they're
 11797  //      reserved for AWS use. System tags don’t count against your tags per
 11798  //      resource limit.
 11799  //
 11800  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 11801  //      for the operation.
 11802  //
 11803  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 11804  //      than allowed.
 11805  //
 11806  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 11807  //      value than allowed.
 11808  //
 11809  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 11810  //      than allowed.
 11811  //
 11812  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 11813  //      value than allowed.
 11814  //
 11815  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 11816  //      between entities in the same root.
 11817  //
 11818  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 11819  //      target entity.
 11820  //
 11821  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 11822  //      isn't recognized.
 11823  //
 11824  //   * ServiceException
 11825  //   AWS Organizations can't complete your request because of an internal service
 11826  //   error. Try again later.
 11827  //
 11828  //   * TooManyRequestsException
 11829  //   You have sent too many requests in too short a period of time. The quota
 11830  //   helps protect against denial-of-service attacks. Try again later.
 11831  //
 11832  //   For information about quotas that affect AWS Organizations, see Quotas for
 11833  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 11834  //   the AWS Organizations User Guide.
 11835  //
 11836  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListRoots
 11837  func (c *Organizations) ListRoots(input *ListRootsInput) (*ListRootsOutput, error) {
 11838  	req, out := c.ListRootsRequest(input)
 11839  	return out, req.Send()
 11840  }
 11841  
 11842  // ListRootsWithContext is the same as ListRoots with the addition of
 11843  // the ability to pass a context and additional request options.
 11844  //
 11845  // See ListRoots for details on how to use this API operation.
 11846  //
 11847  // The context must be non-nil and will be used for request cancellation. If
 11848  // the context is nil a panic will occur. In the future the SDK may create
 11849  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11850  // for more information on using Contexts.
 11851  func (c *Organizations) ListRootsWithContext(ctx aws.Context, input *ListRootsInput, opts ...request.Option) (*ListRootsOutput, error) {
 11852  	req, out := c.ListRootsRequest(input)
 11853  	req.SetContext(ctx)
 11854  	req.ApplyOptions(opts...)
 11855  	return out, req.Send()
 11856  }
 11857  
 11858  // ListRootsPages iterates over the pages of a ListRoots operation,
 11859  // calling the "fn" function with the response data for each page. To stop
 11860  // iterating, return false from the fn function.
 11861  //
 11862  // See ListRoots method for more information on how to use this operation.
 11863  //
 11864  // Note: This operation can generate multiple requests to a service.
 11865  //
 11866  //    // Example iterating over at most 3 pages of a ListRoots operation.
 11867  //    pageNum := 0
 11868  //    err := client.ListRootsPages(params,
 11869  //        func(page *organizations.ListRootsOutput, lastPage bool) bool {
 11870  //            pageNum++
 11871  //            fmt.Println(page)
 11872  //            return pageNum <= 3
 11873  //        })
 11874  //
 11875  func (c *Organizations) ListRootsPages(input *ListRootsInput, fn func(*ListRootsOutput, bool) bool) error {
 11876  	return c.ListRootsPagesWithContext(aws.BackgroundContext(), input, fn)
 11877  }
 11878  
 11879  // ListRootsPagesWithContext same as ListRootsPages except
 11880  // it takes a Context and allows setting request options on the pages.
 11881  //
 11882  // The context must be non-nil and will be used for request cancellation. If
 11883  // the context is nil a panic will occur. In the future the SDK may create
 11884  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 11885  // for more information on using Contexts.
 11886  func (c *Organizations) ListRootsPagesWithContext(ctx aws.Context, input *ListRootsInput, fn func(*ListRootsOutput, bool) bool, opts ...request.Option) error {
 11887  	p := request.Pagination{
 11888  		NewRequest: func() (*request.Request, error) {
 11889  			var inCpy *ListRootsInput
 11890  			if input != nil {
 11891  				tmp := *input
 11892  				inCpy = &tmp
 11893  			}
 11894  			req, _ := c.ListRootsRequest(inCpy)
 11895  			req.SetContext(ctx)
 11896  			req.ApplyOptions(opts...)
 11897  			return req, nil
 11898  		},
 11899  	}
 11900  
 11901  	for p.Next() {
 11902  		if !fn(p.Page().(*ListRootsOutput), !p.HasNextPage()) {
 11903  			break
 11904  		}
 11905  	}
 11906  
 11907  	return p.Err()
 11908  }
 11909  
 11910  const opListTagsForResource = "ListTagsForResource"
 11911  
 11912  // ListTagsForResourceRequest generates a "aws/request.Request" representing the
 11913  // client's request for the ListTagsForResource operation. The "output" return
 11914  // value will be populated with the request's response once the request completes
 11915  // successfully.
 11916  //
 11917  // Use "Send" method on the returned Request to send the API call to the service.
 11918  // the "output" return value is not valid until after Send returns without error.
 11919  //
 11920  // See ListTagsForResource for more information on using the ListTagsForResource
 11921  // API call, and error handling.
 11922  //
 11923  // This method is useful when you want to inject custom logic or configuration
 11924  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 11925  //
 11926  //
 11927  //    // Example sending a request using the ListTagsForResourceRequest method.
 11928  //    req, resp := client.ListTagsForResourceRequest(params)
 11929  //
 11930  //    err := req.Send()
 11931  //    if err == nil { // resp is now filled
 11932  //        fmt.Println(resp)
 11933  //    }
 11934  //
 11935  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
 11936  func (c *Organizations) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
 11937  	op := &request.Operation{
 11938  		Name:       opListTagsForResource,
 11939  		HTTPMethod: "POST",
 11940  		HTTPPath:   "/",
 11941  		Paginator: &request.Paginator{
 11942  			InputTokens:     []string{"NextToken"},
 11943  			OutputTokens:    []string{"NextToken"},
 11944  			LimitToken:      "",
 11945  			TruncationToken: "",
 11946  		},
 11947  	}
 11948  
 11949  	if input == nil {
 11950  		input = &ListTagsForResourceInput{}
 11951  	}
 11952  
 11953  	output = &ListTagsForResourceOutput{}
 11954  	req = c.newRequest(op, input, output)
 11955  	return
 11956  }
 11957  
 11958  // ListTagsForResource API operation for AWS Organizations.
 11959  //
 11960  // Lists tags that are attached to the specified resource.
 11961  //
 11962  // You can attach tags to the following resources in AWS Organizations.
 11963  //
 11964  //    * AWS account
 11965  //
 11966  //    * Organization root
 11967  //
 11968  //    * Organizational unit (OU)
 11969  //
 11970  //    * Policy (any type)
 11971  //
 11972  // This operation can be called only from the organization's management account
 11973  // or by a member account that is a delegated administrator for an AWS service.
 11974  //
 11975  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 11976  // with awserr.Error's Code and Message methods to get detailed information about
 11977  // the error.
 11978  //
 11979  // See the AWS API reference guide for AWS Organizations's
 11980  // API operation ListTagsForResource for usage and error information.
 11981  //
 11982  // Returned Error Types:
 11983  //   * AccessDeniedException
 11984  //   You don't have permissions to perform the requested operation. The user or
 11985  //   role that is making the request must have at least one IAM permissions policy
 11986  //   attached that grants the required permissions. For more information, see
 11987  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 11988  //   in the IAM User Guide.
 11989  //
 11990  //   * AWSOrganizationsNotInUseException
 11991  //   Your account isn't a member of an organization. To make this request, you
 11992  //   must use the credentials of an account that belongs to an organization.
 11993  //
 11994  //   * TargetNotFoundException
 11995  //   We can't find a root, OU, account, or policy with the TargetId that you specified.
 11996  //
 11997  //   * InvalidInputException
 11998  //   The requested operation failed because you provided invalid values for one
 11999  //   or more of the request parameters. This exception includes a reason that
 12000  //   contains additional information about the violated limit:
 12001  //
 12002  //   Some of the reasons in the following list might not be applicable to this
 12003  //   specific API or operation.
 12004  //
 12005  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 12006  //      the same entity.
 12007  //
 12008  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 12009  //      can't be modified.
 12010  //
 12011  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 12012  //
 12013  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 12014  //      for the invited account owner.
 12015  //
 12016  //      * INVALID_ENUM: You specified an invalid value.
 12017  //
 12018  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 12019  //
 12020  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 12021  //      characters.
 12022  //
 12023  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 12024  //      at least one invalid value.
 12025  //
 12026  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 12027  //      from the response to a previous call of the operation.
 12028  //
 12029  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 12030  //      organization, or email) as a party.
 12031  //
 12032  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 12033  //      pattern.
 12034  //
 12035  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 12036  //      match the required pattern.
 12037  //
 12038  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 12039  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 12040  //
 12041  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 12042  //      Name (ARN) for the organization.
 12043  //
 12044  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 12045  //
 12046  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 12047  //      tag. You can’t add, edit, or delete system tag keys because they're
 12048  //      reserved for AWS use. System tags don’t count against your tags per
 12049  //      resource limit.
 12050  //
 12051  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 12052  //      for the operation.
 12053  //
 12054  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 12055  //      than allowed.
 12056  //
 12057  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 12058  //      value than allowed.
 12059  //
 12060  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 12061  //      than allowed.
 12062  //
 12063  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 12064  //      value than allowed.
 12065  //
 12066  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 12067  //      between entities in the same root.
 12068  //
 12069  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 12070  //      target entity.
 12071  //
 12072  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 12073  //      isn't recognized.
 12074  //
 12075  //   * ServiceException
 12076  //   AWS Organizations can't complete your request because of an internal service
 12077  //   error. Try again later.
 12078  //
 12079  //   * TooManyRequestsException
 12080  //   You have sent too many requests in too short a period of time. The quota
 12081  //   helps protect against denial-of-service attacks. Try again later.
 12082  //
 12083  //   For information about quotas that affect AWS Organizations, see Quotas for
 12084  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 12085  //   the AWS Organizations User Guide.
 12086  //
 12087  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTagsForResource
 12088  func (c *Organizations) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
 12089  	req, out := c.ListTagsForResourceRequest(input)
 12090  	return out, req.Send()
 12091  }
 12092  
 12093  // ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
 12094  // the ability to pass a context and additional request options.
 12095  //
 12096  // See ListTagsForResource for details on how to use this API operation.
 12097  //
 12098  // The context must be non-nil and will be used for request cancellation. If
 12099  // the context is nil a panic will occur. In the future the SDK may create
 12100  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 12101  // for more information on using Contexts.
 12102  func (c *Organizations) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
 12103  	req, out := c.ListTagsForResourceRequest(input)
 12104  	req.SetContext(ctx)
 12105  	req.ApplyOptions(opts...)
 12106  	return out, req.Send()
 12107  }
 12108  
 12109  // ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
 12110  // calling the "fn" function with the response data for each page. To stop
 12111  // iterating, return false from the fn function.
 12112  //
 12113  // See ListTagsForResource method for more information on how to use this operation.
 12114  //
 12115  // Note: This operation can generate multiple requests to a service.
 12116  //
 12117  //    // Example iterating over at most 3 pages of a ListTagsForResource operation.
 12118  //    pageNum := 0
 12119  //    err := client.ListTagsForResourcePages(params,
 12120  //        func(page *organizations.ListTagsForResourceOutput, lastPage bool) bool {
 12121  //            pageNum++
 12122  //            fmt.Println(page)
 12123  //            return pageNum <= 3
 12124  //        })
 12125  //
 12126  func (c *Organizations) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
 12127  	return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
 12128  }
 12129  
 12130  // ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
 12131  // it takes a Context and allows setting request options on the pages.
 12132  //
 12133  // The context must be non-nil and will be used for request cancellation. If
 12134  // the context is nil a panic will occur. In the future the SDK may create
 12135  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 12136  // for more information on using Contexts.
 12137  func (c *Organizations) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
 12138  	p := request.Pagination{
 12139  		NewRequest: func() (*request.Request, error) {
 12140  			var inCpy *ListTagsForResourceInput
 12141  			if input != nil {
 12142  				tmp := *input
 12143  				inCpy = &tmp
 12144  			}
 12145  			req, _ := c.ListTagsForResourceRequest(inCpy)
 12146  			req.SetContext(ctx)
 12147  			req.ApplyOptions(opts...)
 12148  			return req, nil
 12149  		},
 12150  	}
 12151  
 12152  	for p.Next() {
 12153  		if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
 12154  			break
 12155  		}
 12156  	}
 12157  
 12158  	return p.Err()
 12159  }
 12160  
 12161  const opListTargetsForPolicy = "ListTargetsForPolicy"
 12162  
 12163  // ListTargetsForPolicyRequest generates a "aws/request.Request" representing the
 12164  // client's request for the ListTargetsForPolicy operation. The "output" return
 12165  // value will be populated with the request's response once the request completes
 12166  // successfully.
 12167  //
 12168  // Use "Send" method on the returned Request to send the API call to the service.
 12169  // the "output" return value is not valid until after Send returns without error.
 12170  //
 12171  // See ListTargetsForPolicy for more information on using the ListTargetsForPolicy
 12172  // API call, and error handling.
 12173  //
 12174  // This method is useful when you want to inject custom logic or configuration
 12175  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 12176  //
 12177  //
 12178  //    // Example sending a request using the ListTargetsForPolicyRequest method.
 12179  //    req, resp := client.ListTargetsForPolicyRequest(params)
 12180  //
 12181  //    err := req.Send()
 12182  //    if err == nil { // resp is now filled
 12183  //        fmt.Println(resp)
 12184  //    }
 12185  //
 12186  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
 12187  func (c *Organizations) ListTargetsForPolicyRequest(input *ListTargetsForPolicyInput) (req *request.Request, output *ListTargetsForPolicyOutput) {
 12188  	op := &request.Operation{
 12189  		Name:       opListTargetsForPolicy,
 12190  		HTTPMethod: "POST",
 12191  		HTTPPath:   "/",
 12192  		Paginator: &request.Paginator{
 12193  			InputTokens:     []string{"NextToken"},
 12194  			OutputTokens:    []string{"NextToken"},
 12195  			LimitToken:      "MaxResults",
 12196  			TruncationToken: "",
 12197  		},
 12198  	}
 12199  
 12200  	if input == nil {
 12201  		input = &ListTargetsForPolicyInput{}
 12202  	}
 12203  
 12204  	output = &ListTargetsForPolicyOutput{}
 12205  	req = c.newRequest(op, input, output)
 12206  	return
 12207  }
 12208  
 12209  // ListTargetsForPolicy API operation for AWS Organizations.
 12210  //
 12211  // Lists all the roots, organizational units (OUs), and accounts that the specified
 12212  // policy is attached to.
 12213  //
 12214  // Always check the NextToken response parameter for a null value when calling
 12215  // a List* operation. These operations can occasionally return an empty set
 12216  // of results even when there are more results available. The NextToken response
 12217  // parameter value is null only when there are no more results to display.
 12218  //
 12219  // This operation can be called only from the organization's management account
 12220  // or by a member account that is a delegated administrator for an AWS service.
 12221  //
 12222  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 12223  // with awserr.Error's Code and Message methods to get detailed information about
 12224  // the error.
 12225  //
 12226  // See the AWS API reference guide for AWS Organizations's
 12227  // API operation ListTargetsForPolicy for usage and error information.
 12228  //
 12229  // Returned Error Types:
 12230  //   * AccessDeniedException
 12231  //   You don't have permissions to perform the requested operation. The user or
 12232  //   role that is making the request must have at least one IAM permissions policy
 12233  //   attached that grants the required permissions. For more information, see
 12234  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 12235  //   in the IAM User Guide.
 12236  //
 12237  //   * AWSOrganizationsNotInUseException
 12238  //   Your account isn't a member of an organization. To make this request, you
 12239  //   must use the credentials of an account that belongs to an organization.
 12240  //
 12241  //   * InvalidInputException
 12242  //   The requested operation failed because you provided invalid values for one
 12243  //   or more of the request parameters. This exception includes a reason that
 12244  //   contains additional information about the violated limit:
 12245  //
 12246  //   Some of the reasons in the following list might not be applicable to this
 12247  //   specific API or operation.
 12248  //
 12249  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 12250  //      the same entity.
 12251  //
 12252  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 12253  //      can't be modified.
 12254  //
 12255  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 12256  //
 12257  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 12258  //      for the invited account owner.
 12259  //
 12260  //      * INVALID_ENUM: You specified an invalid value.
 12261  //
 12262  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 12263  //
 12264  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 12265  //      characters.
 12266  //
 12267  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 12268  //      at least one invalid value.
 12269  //
 12270  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 12271  //      from the response to a previous call of the operation.
 12272  //
 12273  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 12274  //      organization, or email) as a party.
 12275  //
 12276  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 12277  //      pattern.
 12278  //
 12279  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 12280  //      match the required pattern.
 12281  //
 12282  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 12283  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 12284  //
 12285  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 12286  //      Name (ARN) for the organization.
 12287  //
 12288  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 12289  //
 12290  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 12291  //      tag. You can’t add, edit, or delete system tag keys because they're
 12292  //      reserved for AWS use. System tags don’t count against your tags per
 12293  //      resource limit.
 12294  //
 12295  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 12296  //      for the operation.
 12297  //
 12298  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 12299  //      than allowed.
 12300  //
 12301  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 12302  //      value than allowed.
 12303  //
 12304  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 12305  //      than allowed.
 12306  //
 12307  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 12308  //      value than allowed.
 12309  //
 12310  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 12311  //      between entities in the same root.
 12312  //
 12313  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 12314  //      target entity.
 12315  //
 12316  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 12317  //      isn't recognized.
 12318  //
 12319  //   * PolicyNotFoundException
 12320  //   We can't find a policy with the PolicyId that you specified.
 12321  //
 12322  //   * ServiceException
 12323  //   AWS Organizations can't complete your request because of an internal service
 12324  //   error. Try again later.
 12325  //
 12326  //   * TooManyRequestsException
 12327  //   You have sent too many requests in too short a period of time. The quota
 12328  //   helps protect against denial-of-service attacks. Try again later.
 12329  //
 12330  //   For information about quotas that affect AWS Organizations, see Quotas for
 12331  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 12332  //   the AWS Organizations User Guide.
 12333  //
 12334  //   * UnsupportedAPIEndpointException
 12335  //   This action isn't available in the current AWS Region.
 12336  //
 12337  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/ListTargetsForPolicy
 12338  func (c *Organizations) ListTargetsForPolicy(input *ListTargetsForPolicyInput) (*ListTargetsForPolicyOutput, error) {
 12339  	req, out := c.ListTargetsForPolicyRequest(input)
 12340  	return out, req.Send()
 12341  }
 12342  
 12343  // ListTargetsForPolicyWithContext is the same as ListTargetsForPolicy with the addition of
 12344  // the ability to pass a context and additional request options.
 12345  //
 12346  // See ListTargetsForPolicy for details on how to use this API operation.
 12347  //
 12348  // The context must be non-nil and will be used for request cancellation. If
 12349  // the context is nil a panic will occur. In the future the SDK may create
 12350  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 12351  // for more information on using Contexts.
 12352  func (c *Organizations) ListTargetsForPolicyWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, opts ...request.Option) (*ListTargetsForPolicyOutput, error) {
 12353  	req, out := c.ListTargetsForPolicyRequest(input)
 12354  	req.SetContext(ctx)
 12355  	req.ApplyOptions(opts...)
 12356  	return out, req.Send()
 12357  }
 12358  
 12359  // ListTargetsForPolicyPages iterates over the pages of a ListTargetsForPolicy operation,
 12360  // calling the "fn" function with the response data for each page. To stop
 12361  // iterating, return false from the fn function.
 12362  //
 12363  // See ListTargetsForPolicy method for more information on how to use this operation.
 12364  //
 12365  // Note: This operation can generate multiple requests to a service.
 12366  //
 12367  //    // Example iterating over at most 3 pages of a ListTargetsForPolicy operation.
 12368  //    pageNum := 0
 12369  //    err := client.ListTargetsForPolicyPages(params,
 12370  //        func(page *organizations.ListTargetsForPolicyOutput, lastPage bool) bool {
 12371  //            pageNum++
 12372  //            fmt.Println(page)
 12373  //            return pageNum <= 3
 12374  //        })
 12375  //
 12376  func (c *Organizations) ListTargetsForPolicyPages(input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool) error {
 12377  	return c.ListTargetsForPolicyPagesWithContext(aws.BackgroundContext(), input, fn)
 12378  }
 12379  
 12380  // ListTargetsForPolicyPagesWithContext same as ListTargetsForPolicyPages except
 12381  // it takes a Context and allows setting request options on the pages.
 12382  //
 12383  // The context must be non-nil and will be used for request cancellation. If
 12384  // the context is nil a panic will occur. In the future the SDK may create
 12385  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 12386  // for more information on using Contexts.
 12387  func (c *Organizations) ListTargetsForPolicyPagesWithContext(ctx aws.Context, input *ListTargetsForPolicyInput, fn func(*ListTargetsForPolicyOutput, bool) bool, opts ...request.Option) error {
 12388  	p := request.Pagination{
 12389  		NewRequest: func() (*request.Request, error) {
 12390  			var inCpy *ListTargetsForPolicyInput
 12391  			if input != nil {
 12392  				tmp := *input
 12393  				inCpy = &tmp
 12394  			}
 12395  			req, _ := c.ListTargetsForPolicyRequest(inCpy)
 12396  			req.SetContext(ctx)
 12397  			req.ApplyOptions(opts...)
 12398  			return req, nil
 12399  		},
 12400  	}
 12401  
 12402  	for p.Next() {
 12403  		if !fn(p.Page().(*ListTargetsForPolicyOutput), !p.HasNextPage()) {
 12404  			break
 12405  		}
 12406  	}
 12407  
 12408  	return p.Err()
 12409  }
 12410  
 12411  const opMoveAccount = "MoveAccount"
 12412  
 12413  // MoveAccountRequest generates a "aws/request.Request" representing the
 12414  // client's request for the MoveAccount operation. The "output" return
 12415  // value will be populated with the request's response once the request completes
 12416  // successfully.
 12417  //
 12418  // Use "Send" method on the returned Request to send the API call to the service.
 12419  // the "output" return value is not valid until after Send returns without error.
 12420  //
 12421  // See MoveAccount for more information on using the MoveAccount
 12422  // API call, and error handling.
 12423  //
 12424  // This method is useful when you want to inject custom logic or configuration
 12425  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 12426  //
 12427  //
 12428  //    // Example sending a request using the MoveAccountRequest method.
 12429  //    req, resp := client.MoveAccountRequest(params)
 12430  //
 12431  //    err := req.Send()
 12432  //    if err == nil { // resp is now filled
 12433  //        fmt.Println(resp)
 12434  //    }
 12435  //
 12436  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
 12437  func (c *Organizations) MoveAccountRequest(input *MoveAccountInput) (req *request.Request, output *MoveAccountOutput) {
 12438  	op := &request.Operation{
 12439  		Name:       opMoveAccount,
 12440  		HTTPMethod: "POST",
 12441  		HTTPPath:   "/",
 12442  	}
 12443  
 12444  	if input == nil {
 12445  		input = &MoveAccountInput{}
 12446  	}
 12447  
 12448  	output = &MoveAccountOutput{}
 12449  	req = c.newRequest(op, input, output)
 12450  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 12451  	return
 12452  }
 12453  
 12454  // MoveAccount API operation for AWS Organizations.
 12455  //
 12456  // Moves an account from its current source parent root or organizational unit
 12457  // (OU) to the specified destination parent root or OU.
 12458  //
 12459  // This operation can be called only from the organization's management account.
 12460  //
 12461  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 12462  // with awserr.Error's Code and Message methods to get detailed information about
 12463  // the error.
 12464  //
 12465  // See the AWS API reference guide for AWS Organizations's
 12466  // API operation MoveAccount for usage and error information.
 12467  //
 12468  // Returned Error Types:
 12469  //   * AccessDeniedException
 12470  //   You don't have permissions to perform the requested operation. The user or
 12471  //   role that is making the request must have at least one IAM permissions policy
 12472  //   attached that grants the required permissions. For more information, see
 12473  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 12474  //   in the IAM User Guide.
 12475  //
 12476  //   * InvalidInputException
 12477  //   The requested operation failed because you provided invalid values for one
 12478  //   or more of the request parameters. This exception includes a reason that
 12479  //   contains additional information about the violated limit:
 12480  //
 12481  //   Some of the reasons in the following list might not be applicable to this
 12482  //   specific API or operation.
 12483  //
 12484  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 12485  //      the same entity.
 12486  //
 12487  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 12488  //      can't be modified.
 12489  //
 12490  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 12491  //
 12492  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 12493  //      for the invited account owner.
 12494  //
 12495  //      * INVALID_ENUM: You specified an invalid value.
 12496  //
 12497  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 12498  //
 12499  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 12500  //      characters.
 12501  //
 12502  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 12503  //      at least one invalid value.
 12504  //
 12505  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 12506  //      from the response to a previous call of the operation.
 12507  //
 12508  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 12509  //      organization, or email) as a party.
 12510  //
 12511  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 12512  //      pattern.
 12513  //
 12514  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 12515  //      match the required pattern.
 12516  //
 12517  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 12518  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 12519  //
 12520  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 12521  //      Name (ARN) for the organization.
 12522  //
 12523  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 12524  //
 12525  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 12526  //      tag. You can’t add, edit, or delete system tag keys because they're
 12527  //      reserved for AWS use. System tags don’t count against your tags per
 12528  //      resource limit.
 12529  //
 12530  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 12531  //      for the operation.
 12532  //
 12533  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 12534  //      than allowed.
 12535  //
 12536  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 12537  //      value than allowed.
 12538  //
 12539  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 12540  //      than allowed.
 12541  //
 12542  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 12543  //      value than allowed.
 12544  //
 12545  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 12546  //      between entities in the same root.
 12547  //
 12548  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 12549  //      target entity.
 12550  //
 12551  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 12552  //      isn't recognized.
 12553  //
 12554  //   * SourceParentNotFoundException
 12555  //   We can't find a source root or OU with the ParentId that you specified.
 12556  //
 12557  //   * DestinationParentNotFoundException
 12558  //   We can't find the destination container (a root or OU) with the ParentId
 12559  //   that you specified.
 12560  //
 12561  //   * DuplicateAccountException
 12562  //   That account is already present in the specified destination.
 12563  //
 12564  //   * AccountNotFoundException
 12565  //   We can't find an AWS account with the AccountId that you specified, or the
 12566  //   account whose credentials you used to make this request isn't a member of
 12567  //   an organization.
 12568  //
 12569  //   * TooManyRequestsException
 12570  //   You have sent too many requests in too short a period of time. The quota
 12571  //   helps protect against denial-of-service attacks. Try again later.
 12572  //
 12573  //   For information about quotas that affect AWS Organizations, see Quotas for
 12574  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 12575  //   the AWS Organizations User Guide.
 12576  //
 12577  //   * ConcurrentModificationException
 12578  //   The target of the operation is currently being modified by a different request.
 12579  //   Try again later.
 12580  //
 12581  //   * AWSOrganizationsNotInUseException
 12582  //   Your account isn't a member of an organization. To make this request, you
 12583  //   must use the credentials of an account that belongs to an organization.
 12584  //
 12585  //   * ServiceException
 12586  //   AWS Organizations can't complete your request because of an internal service
 12587  //   error. Try again later.
 12588  //
 12589  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/MoveAccount
 12590  func (c *Organizations) MoveAccount(input *MoveAccountInput) (*MoveAccountOutput, error) {
 12591  	req, out := c.MoveAccountRequest(input)
 12592  	return out, req.Send()
 12593  }
 12594  
 12595  // MoveAccountWithContext is the same as MoveAccount with the addition of
 12596  // the ability to pass a context and additional request options.
 12597  //
 12598  // See MoveAccount for details on how to use this API operation.
 12599  //
 12600  // The context must be non-nil and will be used for request cancellation. If
 12601  // the context is nil a panic will occur. In the future the SDK may create
 12602  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 12603  // for more information on using Contexts.
 12604  func (c *Organizations) MoveAccountWithContext(ctx aws.Context, input *MoveAccountInput, opts ...request.Option) (*MoveAccountOutput, error) {
 12605  	req, out := c.MoveAccountRequest(input)
 12606  	req.SetContext(ctx)
 12607  	req.ApplyOptions(opts...)
 12608  	return out, req.Send()
 12609  }
 12610  
 12611  const opRegisterDelegatedAdministrator = "RegisterDelegatedAdministrator"
 12612  
 12613  // RegisterDelegatedAdministratorRequest generates a "aws/request.Request" representing the
 12614  // client's request for the RegisterDelegatedAdministrator operation. The "output" return
 12615  // value will be populated with the request's response once the request completes
 12616  // successfully.
 12617  //
 12618  // Use "Send" method on the returned Request to send the API call to the service.
 12619  // the "output" return value is not valid until after Send returns without error.
 12620  //
 12621  // See RegisterDelegatedAdministrator for more information on using the RegisterDelegatedAdministrator
 12622  // API call, and error handling.
 12623  //
 12624  // This method is useful when you want to inject custom logic or configuration
 12625  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 12626  //
 12627  //
 12628  //    // Example sending a request using the RegisterDelegatedAdministratorRequest method.
 12629  //    req, resp := client.RegisterDelegatedAdministratorRequest(params)
 12630  //
 12631  //    err := req.Send()
 12632  //    if err == nil { // resp is now filled
 12633  //        fmt.Println(resp)
 12634  //    }
 12635  //
 12636  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
 12637  func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDelegatedAdministratorInput) (req *request.Request, output *RegisterDelegatedAdministratorOutput) {
 12638  	op := &request.Operation{
 12639  		Name:       opRegisterDelegatedAdministrator,
 12640  		HTTPMethod: "POST",
 12641  		HTTPPath:   "/",
 12642  	}
 12643  
 12644  	if input == nil {
 12645  		input = &RegisterDelegatedAdministratorInput{}
 12646  	}
 12647  
 12648  	output = &RegisterDelegatedAdministratorOutput{}
 12649  	req = c.newRequest(op, input, output)
 12650  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 12651  	return
 12652  }
 12653  
 12654  // RegisterDelegatedAdministrator API operation for AWS Organizations.
 12655  //
 12656  // Enables the specified member account to administer the Organizations features
 12657  // of the specified AWS service. It grants read-only access to AWS Organizations
 12658  // service data. The account still requires IAM permissions to access and administer
 12659  // the AWS service.
 12660  //
 12661  // You can run this action only for AWS services that support this feature.
 12662  // For a current list of services that support it, see the column Supports Delegated
 12663  // Administrator in the table at AWS Services that you can use with AWS Organizations
 12664  // (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html)
 12665  // in the AWS Organizations User Guide.
 12666  //
 12667  // This operation can be called only from the organization's management account.
 12668  //
 12669  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 12670  // with awserr.Error's Code and Message methods to get detailed information about
 12671  // the error.
 12672  //
 12673  // See the AWS API reference guide for AWS Organizations's
 12674  // API operation RegisterDelegatedAdministrator for usage and error information.
 12675  //
 12676  // Returned Error Types:
 12677  //   * AccessDeniedException
 12678  //   You don't have permissions to perform the requested operation. The user or
 12679  //   role that is making the request must have at least one IAM permissions policy
 12680  //   attached that grants the required permissions. For more information, see
 12681  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 12682  //   in the IAM User Guide.
 12683  //
 12684  //   * AccountAlreadyRegisteredException
 12685  //   The specified account is already a delegated administrator for this AWS service.
 12686  //
 12687  //   * AccountNotFoundException
 12688  //   We can't find an AWS account with the AccountId that you specified, or the
 12689  //   account whose credentials you used to make this request isn't a member of
 12690  //   an organization.
 12691  //
 12692  //   * AWSOrganizationsNotInUseException
 12693  //   Your account isn't a member of an organization. To make this request, you
 12694  //   must use the credentials of an account that belongs to an organization.
 12695  //
 12696  //   * ConcurrentModificationException
 12697  //   The target of the operation is currently being modified by a different request.
 12698  //   Try again later.
 12699  //
 12700  //   * ConstraintViolationException
 12701  //   Performing this operation violates a minimum or maximum value limit. For
 12702  //   example, attempting to remove the last service control policy (SCP) from
 12703  //   an OU or root, inviting or creating too many accounts to the organization,
 12704  //   or attaching too many policies to an account, OU, or root. This exception
 12705  //   includes a reason that contains additional information about the violated
 12706  //   limit:
 12707  //
 12708  //   Some of the reasons in the following list might not be applicable to this
 12709  //   specific API or operation.
 12710  //
 12711  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
 12712  //      account from the organization. You can't remove the management account.
 12713  //      Instead, after you remove all member accounts, delete the organization
 12714  //      itself.
 12715  //
 12716  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
 12717  //      from the organization that doesn't yet have enough information to exist
 12718  //      as a standalone account. This account requires you to first agree to the
 12719  //      AWS Customer Agreement. Follow the steps at Removing a member account
 12720  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
 12721  //      the AWS Organizations User Guide.
 12722  //
 12723  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
 12724  //      an account from the organization that doesn't yet have enough information
 12725  //      to exist as a standalone account. This account requires you to first complete
 12726  //      phone verification. Follow the steps at Removing a member account from
 12727  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
 12728  //      in the AWS Organizations User Guide.
 12729  //
 12730  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
 12731  //      of accounts that you can create in one day.
 12732  //
 12733  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
 12734  //      the number of accounts in an organization. If you need more accounts,
 12735  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
 12736  //      request an increase in your limit. Or the number of invitations that you
 12737  //      tried to send would cause you to exceed the limit of accounts in your
 12738  //      organization. Send fewer invitations or contact AWS Support to request
 12739  //      an increase in the number of accounts. Deleted and closed accounts still
 12740  //      count toward your limit. If you get this exception when running a command
 12741  //      immediately after creating the organization, wait one hour and try again.
 12742  //      After an hour, if the command continues to fail with this error, contact
 12743  //      AWS Support (https://console.aws.amazon.com/support/home#/).
 12744  //
 12745  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
 12746  //      register the management account of the organization as a delegated administrator
 12747  //      for an AWS service integrated with Organizations. You can designate only
 12748  //      a member account as a delegated administrator.
 12749  //
 12750  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
 12751  //      an account that is registered as a delegated administrator for a service
 12752  //      integrated with your organization. To complete this operation, you must
 12753  //      first deregister this account as a delegated administrator.
 12754  //
 12755  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
 12756  //      organization in the specified region, you must enable all features mode.
 12757  //
 12758  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
 12759  //      an AWS account as a delegated administrator for an AWS service that already
 12760  //      has a delegated administrator. To complete this operation, you must first
 12761  //      deregister any existing delegated administrators for this service.
 12762  //
 12763  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
 12764  //      valid for a limited period of time. You must resubmit the request and
 12765  //      generate a new verfication code.
 12766  //
 12767  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
 12768  //      handshakes that you can send in one day.
 12769  //
 12770  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
 12771  //      in this organization, you first must migrate the organization's management
 12772  //      account to the marketplace that corresponds to the management account's
 12773  //      address. For example, accounts with India addresses must be associated
 12774  //      with the AISPL marketplace. All accounts in an organization must be associated
 12775  //      with the same marketplace.
 12776  //
 12777  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
 12778  //      in China. To create an organization, the master must have a valid business
 12779  //      license. For more information, contact customer support.
 12780  //
 12781  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
 12782  //      must first provide a valid contact address and phone number for the management
 12783  //      account. Then try the operation again.
 12784  //
 12785  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
 12786  //      management account must have an associated account in the AWS GovCloud
 12787  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
 12788  //      in the AWS GovCloud User Guide.
 12789  //
 12790  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
 12791  //      with this management account, you first must associate a valid payment
 12792  //      instrument, such as a credit card, with the account. Follow the steps
 12793  //      at To leave an organization when all required account information has
 12794  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 12795  //      in the AWS Organizations User Guide.
 12796  //
 12797  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
 12798  //      to register more delegated administrators than allowed for the service
 12799  //      principal.
 12800  //
 12801  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
 12802  //      number of policies of a certain type that can be attached to an entity
 12803  //      at one time.
 12804  //
 12805  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
 12806  //      on this resource.
 12807  //
 12808  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
 12809  //      with this member account, you first must associate a valid payment instrument,
 12810  //      such as a credit card, with the account. Follow the steps at To leave
 12811  //      an organization when all required account information has not yet been
 12812  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 12813  //      in the AWS Organizations User Guide.
 12814  //
 12815  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
 12816  //      policy from an entity that would cause the entity to have fewer than the
 12817  //      minimum number of policies of a certain type required.
 12818  //
 12819  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
 12820  //      that requires the organization to be configured to support all features.
 12821  //      An organization that supports only consolidated billing features can't
 12822  //      perform this operation.
 12823  //
 12824  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
 12825  //      too many levels deep.
 12826  //
 12827  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
 12828  //      that you can have in an organization.
 12829  //
 12830  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
 12831  //      is larger than the maximum size.
 12832  //
 12833  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
 12834  //      policies that you can have in an organization.
 12835  //
 12836  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
 12837  //      tags that are not compliant with the tag policy requirements for this
 12838  //      account.
 12839  //
 12840  //   * InvalidInputException
 12841  //   The requested operation failed because you provided invalid values for one
 12842  //   or more of the request parameters. This exception includes a reason that
 12843  //   contains additional information about the violated limit:
 12844  //
 12845  //   Some of the reasons in the following list might not be applicable to this
 12846  //   specific API or operation.
 12847  //
 12848  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 12849  //      the same entity.
 12850  //
 12851  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 12852  //      can't be modified.
 12853  //
 12854  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 12855  //
 12856  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 12857  //      for the invited account owner.
 12858  //
 12859  //      * INVALID_ENUM: You specified an invalid value.
 12860  //
 12861  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 12862  //
 12863  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 12864  //      characters.
 12865  //
 12866  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 12867  //      at least one invalid value.
 12868  //
 12869  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 12870  //      from the response to a previous call of the operation.
 12871  //
 12872  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 12873  //      organization, or email) as a party.
 12874  //
 12875  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 12876  //      pattern.
 12877  //
 12878  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 12879  //      match the required pattern.
 12880  //
 12881  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 12882  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 12883  //
 12884  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 12885  //      Name (ARN) for the organization.
 12886  //
 12887  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 12888  //
 12889  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 12890  //      tag. You can’t add, edit, or delete system tag keys because they're
 12891  //      reserved for AWS use. System tags don’t count against your tags per
 12892  //      resource limit.
 12893  //
 12894  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 12895  //      for the operation.
 12896  //
 12897  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 12898  //      than allowed.
 12899  //
 12900  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 12901  //      value than allowed.
 12902  //
 12903  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 12904  //      than allowed.
 12905  //
 12906  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 12907  //      value than allowed.
 12908  //
 12909  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 12910  //      between entities in the same root.
 12911  //
 12912  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 12913  //      target entity.
 12914  //
 12915  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 12916  //      isn't recognized.
 12917  //
 12918  //   * TooManyRequestsException
 12919  //   You have sent too many requests in too short a period of time. The quota
 12920  //   helps protect against denial-of-service attacks. Try again later.
 12921  //
 12922  //   For information about quotas that affect AWS Organizations, see Quotas for
 12923  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 12924  //   the AWS Organizations User Guide.
 12925  //
 12926  //   * ServiceException
 12927  //   AWS Organizations can't complete your request because of an internal service
 12928  //   error. Try again later.
 12929  //
 12930  //   * UnsupportedAPIEndpointException
 12931  //   This action isn't available in the current AWS Region.
 12932  //
 12933  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RegisterDelegatedAdministrator
 12934  func (c *Organizations) RegisterDelegatedAdministrator(input *RegisterDelegatedAdministratorInput) (*RegisterDelegatedAdministratorOutput, error) {
 12935  	req, out := c.RegisterDelegatedAdministratorRequest(input)
 12936  	return out, req.Send()
 12937  }
 12938  
 12939  // RegisterDelegatedAdministratorWithContext is the same as RegisterDelegatedAdministrator with the addition of
 12940  // the ability to pass a context and additional request options.
 12941  //
 12942  // See RegisterDelegatedAdministrator for details on how to use this API operation.
 12943  //
 12944  // The context must be non-nil and will be used for request cancellation. If
 12945  // the context is nil a panic will occur. In the future the SDK may create
 12946  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 12947  // for more information on using Contexts.
 12948  func (c *Organizations) RegisterDelegatedAdministratorWithContext(ctx aws.Context, input *RegisterDelegatedAdministratorInput, opts ...request.Option) (*RegisterDelegatedAdministratorOutput, error) {
 12949  	req, out := c.RegisterDelegatedAdministratorRequest(input)
 12950  	req.SetContext(ctx)
 12951  	req.ApplyOptions(opts...)
 12952  	return out, req.Send()
 12953  }
 12954  
 12955  const opRemoveAccountFromOrganization = "RemoveAccountFromOrganization"
 12956  
 12957  // RemoveAccountFromOrganizationRequest generates a "aws/request.Request" representing the
 12958  // client's request for the RemoveAccountFromOrganization operation. The "output" return
 12959  // value will be populated with the request's response once the request completes
 12960  // successfully.
 12961  //
 12962  // Use "Send" method on the returned Request to send the API call to the service.
 12963  // the "output" return value is not valid until after Send returns without error.
 12964  //
 12965  // See RemoveAccountFromOrganization for more information on using the RemoveAccountFromOrganization
 12966  // API call, and error handling.
 12967  //
 12968  // This method is useful when you want to inject custom logic or configuration
 12969  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 12970  //
 12971  //
 12972  //    // Example sending a request using the RemoveAccountFromOrganizationRequest method.
 12973  //    req, resp := client.RemoveAccountFromOrganizationRequest(params)
 12974  //
 12975  //    err := req.Send()
 12976  //    if err == nil { // resp is now filled
 12977  //        fmt.Println(resp)
 12978  //    }
 12979  //
 12980  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
 12981  func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccountFromOrganizationInput) (req *request.Request, output *RemoveAccountFromOrganizationOutput) {
 12982  	op := &request.Operation{
 12983  		Name:       opRemoveAccountFromOrganization,
 12984  		HTTPMethod: "POST",
 12985  		HTTPPath:   "/",
 12986  	}
 12987  
 12988  	if input == nil {
 12989  		input = &RemoveAccountFromOrganizationInput{}
 12990  	}
 12991  
 12992  	output = &RemoveAccountFromOrganizationOutput{}
 12993  	req = c.newRequest(op, input, output)
 12994  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 12995  	return
 12996  }
 12997  
 12998  // RemoveAccountFromOrganization API operation for AWS Organizations.
 12999  //
 13000  // Removes the specified account from the organization.
 13001  //
 13002  // The removed account becomes a standalone account that isn't a member of any
 13003  // organization. It's no longer subject to any policies and is responsible for
 13004  // its own bill payments. The organization's management account is no longer
 13005  // charged for any expenses accrued by the member account after it's removed
 13006  // from the organization.
 13007  //
 13008  // This operation can be called only from the organization's management account.
 13009  // Member accounts can remove themselves with LeaveOrganization instead.
 13010  //
 13011  //    * You can remove an account from your organization only if the account
 13012  //    is configured with the information required to operate as a standalone
 13013  //    account. When you create an account in an organization using the AWS Organizations
 13014  //    console, API, or CLI commands, the information required of standalone
 13015  //    accounts is not automatically collected. For an account that you want
 13016  //    to make standalone, you must choose a support plan, provide and verify
 13017  //    the required contact information, and provide a current payment method.
 13018  //    AWS uses the payment method to charge for any billable (not free tier)
 13019  //    AWS activity that occurs while the account isn't attached to an organization.
 13020  //    To remove an account that doesn't yet have this information, you must
 13021  //    sign in as the member account and follow the steps at To leave an organization
 13022  //    when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 13023  //    in the AWS Organizations User Guide.
 13024  //
 13025  //    * The account that you want to leave must not be a delegated administrator
 13026  //    account for any AWS service enabled for your organization. If the account
 13027  //    is a delegated administrator, you must first change the delegated administrator
 13028  //    account to another account that is remaining in the organization.
 13029  //
 13030  //    * After the account leaves the organization, all tags that were attached
 13031  //    to the account object in the organization are deleted. AWS accounts outside
 13032  //    of an organization do not support tags.
 13033  //
 13034  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 13035  // with awserr.Error's Code and Message methods to get detailed information about
 13036  // the error.
 13037  //
 13038  // See the AWS API reference guide for AWS Organizations's
 13039  // API operation RemoveAccountFromOrganization for usage and error information.
 13040  //
 13041  // Returned Error Types:
 13042  //   * AccessDeniedException
 13043  //   You don't have permissions to perform the requested operation. The user or
 13044  //   role that is making the request must have at least one IAM permissions policy
 13045  //   attached that grants the required permissions. For more information, see
 13046  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 13047  //   in the IAM User Guide.
 13048  //
 13049  //   * AccountNotFoundException
 13050  //   We can't find an AWS account with the AccountId that you specified, or the
 13051  //   account whose credentials you used to make this request isn't a member of
 13052  //   an organization.
 13053  //
 13054  //   * AWSOrganizationsNotInUseException
 13055  //   Your account isn't a member of an organization. To make this request, you
 13056  //   must use the credentials of an account that belongs to an organization.
 13057  //
 13058  //   * ConcurrentModificationException
 13059  //   The target of the operation is currently being modified by a different request.
 13060  //   Try again later.
 13061  //
 13062  //   * ConstraintViolationException
 13063  //   Performing this operation violates a minimum or maximum value limit. For
 13064  //   example, attempting to remove the last service control policy (SCP) from
 13065  //   an OU or root, inviting or creating too many accounts to the organization,
 13066  //   or attaching too many policies to an account, OU, or root. This exception
 13067  //   includes a reason that contains additional information about the violated
 13068  //   limit:
 13069  //
 13070  //   Some of the reasons in the following list might not be applicable to this
 13071  //   specific API or operation.
 13072  //
 13073  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
 13074  //      account from the organization. You can't remove the management account.
 13075  //      Instead, after you remove all member accounts, delete the organization
 13076  //      itself.
 13077  //
 13078  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
 13079  //      from the organization that doesn't yet have enough information to exist
 13080  //      as a standalone account. This account requires you to first agree to the
 13081  //      AWS Customer Agreement. Follow the steps at Removing a member account
 13082  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
 13083  //      the AWS Organizations User Guide.
 13084  //
 13085  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
 13086  //      an account from the organization that doesn't yet have enough information
 13087  //      to exist as a standalone account. This account requires you to first complete
 13088  //      phone verification. Follow the steps at Removing a member account from
 13089  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
 13090  //      in the AWS Organizations User Guide.
 13091  //
 13092  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
 13093  //      of accounts that you can create in one day.
 13094  //
 13095  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
 13096  //      the number of accounts in an organization. If you need more accounts,
 13097  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
 13098  //      request an increase in your limit. Or the number of invitations that you
 13099  //      tried to send would cause you to exceed the limit of accounts in your
 13100  //      organization. Send fewer invitations or contact AWS Support to request
 13101  //      an increase in the number of accounts. Deleted and closed accounts still
 13102  //      count toward your limit. If you get this exception when running a command
 13103  //      immediately after creating the organization, wait one hour and try again.
 13104  //      After an hour, if the command continues to fail with this error, contact
 13105  //      AWS Support (https://console.aws.amazon.com/support/home#/).
 13106  //
 13107  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
 13108  //      register the management account of the organization as a delegated administrator
 13109  //      for an AWS service integrated with Organizations. You can designate only
 13110  //      a member account as a delegated administrator.
 13111  //
 13112  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
 13113  //      an account that is registered as a delegated administrator for a service
 13114  //      integrated with your organization. To complete this operation, you must
 13115  //      first deregister this account as a delegated administrator.
 13116  //
 13117  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
 13118  //      organization in the specified region, you must enable all features mode.
 13119  //
 13120  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
 13121  //      an AWS account as a delegated administrator for an AWS service that already
 13122  //      has a delegated administrator. To complete this operation, you must first
 13123  //      deregister any existing delegated administrators for this service.
 13124  //
 13125  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
 13126  //      valid for a limited period of time. You must resubmit the request and
 13127  //      generate a new verfication code.
 13128  //
 13129  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
 13130  //      handshakes that you can send in one day.
 13131  //
 13132  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
 13133  //      in this organization, you first must migrate the organization's management
 13134  //      account to the marketplace that corresponds to the management account's
 13135  //      address. For example, accounts with India addresses must be associated
 13136  //      with the AISPL marketplace. All accounts in an organization must be associated
 13137  //      with the same marketplace.
 13138  //
 13139  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
 13140  //      in China. To create an organization, the master must have a valid business
 13141  //      license. For more information, contact customer support.
 13142  //
 13143  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
 13144  //      must first provide a valid contact address and phone number for the management
 13145  //      account. Then try the operation again.
 13146  //
 13147  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
 13148  //      management account must have an associated account in the AWS GovCloud
 13149  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
 13150  //      in the AWS GovCloud User Guide.
 13151  //
 13152  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
 13153  //      with this management account, you first must associate a valid payment
 13154  //      instrument, such as a credit card, with the account. Follow the steps
 13155  //      at To leave an organization when all required account information has
 13156  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 13157  //      in the AWS Organizations User Guide.
 13158  //
 13159  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
 13160  //      to register more delegated administrators than allowed for the service
 13161  //      principal.
 13162  //
 13163  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
 13164  //      number of policies of a certain type that can be attached to an entity
 13165  //      at one time.
 13166  //
 13167  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
 13168  //      on this resource.
 13169  //
 13170  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
 13171  //      with this member account, you first must associate a valid payment instrument,
 13172  //      such as a credit card, with the account. Follow the steps at To leave
 13173  //      an organization when all required account information has not yet been
 13174  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 13175  //      in the AWS Organizations User Guide.
 13176  //
 13177  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
 13178  //      policy from an entity that would cause the entity to have fewer than the
 13179  //      minimum number of policies of a certain type required.
 13180  //
 13181  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
 13182  //      that requires the organization to be configured to support all features.
 13183  //      An organization that supports only consolidated billing features can't
 13184  //      perform this operation.
 13185  //
 13186  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
 13187  //      too many levels deep.
 13188  //
 13189  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
 13190  //      that you can have in an organization.
 13191  //
 13192  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
 13193  //      is larger than the maximum size.
 13194  //
 13195  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
 13196  //      policies that you can have in an organization.
 13197  //
 13198  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
 13199  //      tags that are not compliant with the tag policy requirements for this
 13200  //      account.
 13201  //
 13202  //   * InvalidInputException
 13203  //   The requested operation failed because you provided invalid values for one
 13204  //   or more of the request parameters. This exception includes a reason that
 13205  //   contains additional information about the violated limit:
 13206  //
 13207  //   Some of the reasons in the following list might not be applicable to this
 13208  //   specific API or operation.
 13209  //
 13210  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 13211  //      the same entity.
 13212  //
 13213  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 13214  //      can't be modified.
 13215  //
 13216  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 13217  //
 13218  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 13219  //      for the invited account owner.
 13220  //
 13221  //      * INVALID_ENUM: You specified an invalid value.
 13222  //
 13223  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 13224  //
 13225  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 13226  //      characters.
 13227  //
 13228  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 13229  //      at least one invalid value.
 13230  //
 13231  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 13232  //      from the response to a previous call of the operation.
 13233  //
 13234  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 13235  //      organization, or email) as a party.
 13236  //
 13237  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 13238  //      pattern.
 13239  //
 13240  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 13241  //      match the required pattern.
 13242  //
 13243  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 13244  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 13245  //
 13246  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 13247  //      Name (ARN) for the organization.
 13248  //
 13249  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 13250  //
 13251  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 13252  //      tag. You can’t add, edit, or delete system tag keys because they're
 13253  //      reserved for AWS use. System tags don’t count against your tags per
 13254  //      resource limit.
 13255  //
 13256  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 13257  //      for the operation.
 13258  //
 13259  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 13260  //      than allowed.
 13261  //
 13262  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 13263  //      value than allowed.
 13264  //
 13265  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 13266  //      than allowed.
 13267  //
 13268  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 13269  //      value than allowed.
 13270  //
 13271  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 13272  //      between entities in the same root.
 13273  //
 13274  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 13275  //      target entity.
 13276  //
 13277  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 13278  //      isn't recognized.
 13279  //
 13280  //   * MasterCannotLeaveOrganizationException
 13281  //   You can't remove a management account from an organization. If you want the
 13282  //   management account to become a member account in another organization, you
 13283  //   must first delete the current organization of the management account.
 13284  //
 13285  //   * ServiceException
 13286  //   AWS Organizations can't complete your request because of an internal service
 13287  //   error. Try again later.
 13288  //
 13289  //   * TooManyRequestsException
 13290  //   You have sent too many requests in too short a period of time. The quota
 13291  //   helps protect against denial-of-service attacks. Try again later.
 13292  //
 13293  //   For information about quotas that affect AWS Organizations, see Quotas for
 13294  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 13295  //   the AWS Organizations User Guide.
 13296  //
 13297  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/RemoveAccountFromOrganization
 13298  func (c *Organizations) RemoveAccountFromOrganization(input *RemoveAccountFromOrganizationInput) (*RemoveAccountFromOrganizationOutput, error) {
 13299  	req, out := c.RemoveAccountFromOrganizationRequest(input)
 13300  	return out, req.Send()
 13301  }
 13302  
 13303  // RemoveAccountFromOrganizationWithContext is the same as RemoveAccountFromOrganization with the addition of
 13304  // the ability to pass a context and additional request options.
 13305  //
 13306  // See RemoveAccountFromOrganization for details on how to use this API operation.
 13307  //
 13308  // The context must be non-nil and will be used for request cancellation. If
 13309  // the context is nil a panic will occur. In the future the SDK may create
 13310  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 13311  // for more information on using Contexts.
 13312  func (c *Organizations) RemoveAccountFromOrganizationWithContext(ctx aws.Context, input *RemoveAccountFromOrganizationInput, opts ...request.Option) (*RemoveAccountFromOrganizationOutput, error) {
 13313  	req, out := c.RemoveAccountFromOrganizationRequest(input)
 13314  	req.SetContext(ctx)
 13315  	req.ApplyOptions(opts...)
 13316  	return out, req.Send()
 13317  }
 13318  
 13319  const opTagResource = "TagResource"
 13320  
 13321  // TagResourceRequest generates a "aws/request.Request" representing the
 13322  // client's request for the TagResource operation. The "output" return
 13323  // value will be populated with the request's response once the request completes
 13324  // successfully.
 13325  //
 13326  // Use "Send" method on the returned Request to send the API call to the service.
 13327  // the "output" return value is not valid until after Send returns without error.
 13328  //
 13329  // See TagResource for more information on using the TagResource
 13330  // API call, and error handling.
 13331  //
 13332  // This method is useful when you want to inject custom logic or configuration
 13333  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 13334  //
 13335  //
 13336  //    // Example sending a request using the TagResourceRequest method.
 13337  //    req, resp := client.TagResourceRequest(params)
 13338  //
 13339  //    err := req.Send()
 13340  //    if err == nil { // resp is now filled
 13341  //        fmt.Println(resp)
 13342  //    }
 13343  //
 13344  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
 13345  func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
 13346  	op := &request.Operation{
 13347  		Name:       opTagResource,
 13348  		HTTPMethod: "POST",
 13349  		HTTPPath:   "/",
 13350  	}
 13351  
 13352  	if input == nil {
 13353  		input = &TagResourceInput{}
 13354  	}
 13355  
 13356  	output = &TagResourceOutput{}
 13357  	req = c.newRequest(op, input, output)
 13358  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 13359  	return
 13360  }
 13361  
 13362  // TagResource API operation for AWS Organizations.
 13363  //
 13364  // Adds one or more tags to the specified resource.
 13365  //
 13366  // Currently, you can attach tags to the following resources in AWS Organizations.
 13367  //
 13368  //    * AWS account
 13369  //
 13370  //    * Organization root
 13371  //
 13372  //    * Organizational unit (OU)
 13373  //
 13374  //    * Policy (any type)
 13375  //
 13376  // This operation can be called only from the organization's management account.
 13377  //
 13378  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 13379  // with awserr.Error's Code and Message methods to get detailed information about
 13380  // the error.
 13381  //
 13382  // See the AWS API reference guide for AWS Organizations's
 13383  // API operation TagResource for usage and error information.
 13384  //
 13385  // Returned Error Types:
 13386  //   * AccessDeniedException
 13387  //   You don't have permissions to perform the requested operation. The user or
 13388  //   role that is making the request must have at least one IAM permissions policy
 13389  //   attached that grants the required permissions. For more information, see
 13390  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 13391  //   in the IAM User Guide.
 13392  //
 13393  //   * ConcurrentModificationException
 13394  //   The target of the operation is currently being modified by a different request.
 13395  //   Try again later.
 13396  //
 13397  //   * AWSOrganizationsNotInUseException
 13398  //   Your account isn't a member of an organization. To make this request, you
 13399  //   must use the credentials of an account that belongs to an organization.
 13400  //
 13401  //   * TargetNotFoundException
 13402  //   We can't find a root, OU, account, or policy with the TargetId that you specified.
 13403  //
 13404  //   * ConstraintViolationException
 13405  //   Performing this operation violates a minimum or maximum value limit. For
 13406  //   example, attempting to remove the last service control policy (SCP) from
 13407  //   an OU or root, inviting or creating too many accounts to the organization,
 13408  //   or attaching too many policies to an account, OU, or root. This exception
 13409  //   includes a reason that contains additional information about the violated
 13410  //   limit:
 13411  //
 13412  //   Some of the reasons in the following list might not be applicable to this
 13413  //   specific API or operation.
 13414  //
 13415  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
 13416  //      account from the organization. You can't remove the management account.
 13417  //      Instead, after you remove all member accounts, delete the organization
 13418  //      itself.
 13419  //
 13420  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
 13421  //      from the organization that doesn't yet have enough information to exist
 13422  //      as a standalone account. This account requires you to first agree to the
 13423  //      AWS Customer Agreement. Follow the steps at Removing a member account
 13424  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
 13425  //      the AWS Organizations User Guide.
 13426  //
 13427  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
 13428  //      an account from the organization that doesn't yet have enough information
 13429  //      to exist as a standalone account. This account requires you to first complete
 13430  //      phone verification. Follow the steps at Removing a member account from
 13431  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
 13432  //      in the AWS Organizations User Guide.
 13433  //
 13434  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
 13435  //      of accounts that you can create in one day.
 13436  //
 13437  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
 13438  //      the number of accounts in an organization. If you need more accounts,
 13439  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
 13440  //      request an increase in your limit. Or the number of invitations that you
 13441  //      tried to send would cause you to exceed the limit of accounts in your
 13442  //      organization. Send fewer invitations or contact AWS Support to request
 13443  //      an increase in the number of accounts. Deleted and closed accounts still
 13444  //      count toward your limit. If you get this exception when running a command
 13445  //      immediately after creating the organization, wait one hour and try again.
 13446  //      After an hour, if the command continues to fail with this error, contact
 13447  //      AWS Support (https://console.aws.amazon.com/support/home#/).
 13448  //
 13449  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
 13450  //      register the management account of the organization as a delegated administrator
 13451  //      for an AWS service integrated with Organizations. You can designate only
 13452  //      a member account as a delegated administrator.
 13453  //
 13454  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
 13455  //      an account that is registered as a delegated administrator for a service
 13456  //      integrated with your organization. To complete this operation, you must
 13457  //      first deregister this account as a delegated administrator.
 13458  //
 13459  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
 13460  //      organization in the specified region, you must enable all features mode.
 13461  //
 13462  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
 13463  //      an AWS account as a delegated administrator for an AWS service that already
 13464  //      has a delegated administrator. To complete this operation, you must first
 13465  //      deregister any existing delegated administrators for this service.
 13466  //
 13467  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
 13468  //      valid for a limited period of time. You must resubmit the request and
 13469  //      generate a new verfication code.
 13470  //
 13471  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
 13472  //      handshakes that you can send in one day.
 13473  //
 13474  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
 13475  //      in this organization, you first must migrate the organization's management
 13476  //      account to the marketplace that corresponds to the management account's
 13477  //      address. For example, accounts with India addresses must be associated
 13478  //      with the AISPL marketplace. All accounts in an organization must be associated
 13479  //      with the same marketplace.
 13480  //
 13481  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
 13482  //      in China. To create an organization, the master must have a valid business
 13483  //      license. For more information, contact customer support.
 13484  //
 13485  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
 13486  //      must first provide a valid contact address and phone number for the management
 13487  //      account. Then try the operation again.
 13488  //
 13489  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
 13490  //      management account must have an associated account in the AWS GovCloud
 13491  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
 13492  //      in the AWS GovCloud User Guide.
 13493  //
 13494  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
 13495  //      with this management account, you first must associate a valid payment
 13496  //      instrument, such as a credit card, with the account. Follow the steps
 13497  //      at To leave an organization when all required account information has
 13498  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 13499  //      in the AWS Organizations User Guide.
 13500  //
 13501  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
 13502  //      to register more delegated administrators than allowed for the service
 13503  //      principal.
 13504  //
 13505  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
 13506  //      number of policies of a certain type that can be attached to an entity
 13507  //      at one time.
 13508  //
 13509  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
 13510  //      on this resource.
 13511  //
 13512  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
 13513  //      with this member account, you first must associate a valid payment instrument,
 13514  //      such as a credit card, with the account. Follow the steps at To leave
 13515  //      an organization when all required account information has not yet been
 13516  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 13517  //      in the AWS Organizations User Guide.
 13518  //
 13519  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
 13520  //      policy from an entity that would cause the entity to have fewer than the
 13521  //      minimum number of policies of a certain type required.
 13522  //
 13523  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
 13524  //      that requires the organization to be configured to support all features.
 13525  //      An organization that supports only consolidated billing features can't
 13526  //      perform this operation.
 13527  //
 13528  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
 13529  //      too many levels deep.
 13530  //
 13531  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
 13532  //      that you can have in an organization.
 13533  //
 13534  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
 13535  //      is larger than the maximum size.
 13536  //
 13537  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
 13538  //      policies that you can have in an organization.
 13539  //
 13540  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
 13541  //      tags that are not compliant with the tag policy requirements for this
 13542  //      account.
 13543  //
 13544  //   * InvalidInputException
 13545  //   The requested operation failed because you provided invalid values for one
 13546  //   or more of the request parameters. This exception includes a reason that
 13547  //   contains additional information about the violated limit:
 13548  //
 13549  //   Some of the reasons in the following list might not be applicable to this
 13550  //   specific API or operation.
 13551  //
 13552  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 13553  //      the same entity.
 13554  //
 13555  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 13556  //      can't be modified.
 13557  //
 13558  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 13559  //
 13560  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 13561  //      for the invited account owner.
 13562  //
 13563  //      * INVALID_ENUM: You specified an invalid value.
 13564  //
 13565  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 13566  //
 13567  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 13568  //      characters.
 13569  //
 13570  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 13571  //      at least one invalid value.
 13572  //
 13573  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 13574  //      from the response to a previous call of the operation.
 13575  //
 13576  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 13577  //      organization, or email) as a party.
 13578  //
 13579  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 13580  //      pattern.
 13581  //
 13582  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 13583  //      match the required pattern.
 13584  //
 13585  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 13586  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 13587  //
 13588  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 13589  //      Name (ARN) for the organization.
 13590  //
 13591  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 13592  //
 13593  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 13594  //      tag. You can’t add, edit, or delete system tag keys because they're
 13595  //      reserved for AWS use. System tags don’t count against your tags per
 13596  //      resource limit.
 13597  //
 13598  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 13599  //      for the operation.
 13600  //
 13601  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 13602  //      than allowed.
 13603  //
 13604  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 13605  //      value than allowed.
 13606  //
 13607  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 13608  //      than allowed.
 13609  //
 13610  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 13611  //      value than allowed.
 13612  //
 13613  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 13614  //      between entities in the same root.
 13615  //
 13616  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 13617  //      target entity.
 13618  //
 13619  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 13620  //      isn't recognized.
 13621  //
 13622  //   * ServiceException
 13623  //   AWS Organizations can't complete your request because of an internal service
 13624  //   error. Try again later.
 13625  //
 13626  //   * TooManyRequestsException
 13627  //   You have sent too many requests in too short a period of time. The quota
 13628  //   helps protect against denial-of-service attacks. Try again later.
 13629  //
 13630  //   For information about quotas that affect AWS Organizations, see Quotas for
 13631  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 13632  //   the AWS Organizations User Guide.
 13633  //
 13634  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/TagResource
 13635  func (c *Organizations) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
 13636  	req, out := c.TagResourceRequest(input)
 13637  	return out, req.Send()
 13638  }
 13639  
 13640  // TagResourceWithContext is the same as TagResource with the addition of
 13641  // the ability to pass a context and additional request options.
 13642  //
 13643  // See TagResource for details on how to use this API operation.
 13644  //
 13645  // The context must be non-nil and will be used for request cancellation. If
 13646  // the context is nil a panic will occur. In the future the SDK may create
 13647  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 13648  // for more information on using Contexts.
 13649  func (c *Organizations) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
 13650  	req, out := c.TagResourceRequest(input)
 13651  	req.SetContext(ctx)
 13652  	req.ApplyOptions(opts...)
 13653  	return out, req.Send()
 13654  }
 13655  
 13656  const opUntagResource = "UntagResource"
 13657  
 13658  // UntagResourceRequest generates a "aws/request.Request" representing the
 13659  // client's request for the UntagResource operation. The "output" return
 13660  // value will be populated with the request's response once the request completes
 13661  // successfully.
 13662  //
 13663  // Use "Send" method on the returned Request to send the API call to the service.
 13664  // the "output" return value is not valid until after Send returns without error.
 13665  //
 13666  // See UntagResource for more information on using the UntagResource
 13667  // API call, and error handling.
 13668  //
 13669  // This method is useful when you want to inject custom logic or configuration
 13670  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 13671  //
 13672  //
 13673  //    // Example sending a request using the UntagResourceRequest method.
 13674  //    req, resp := client.UntagResourceRequest(params)
 13675  //
 13676  //    err := req.Send()
 13677  //    if err == nil { // resp is now filled
 13678  //        fmt.Println(resp)
 13679  //    }
 13680  //
 13681  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
 13682  func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
 13683  	op := &request.Operation{
 13684  		Name:       opUntagResource,
 13685  		HTTPMethod: "POST",
 13686  		HTTPPath:   "/",
 13687  	}
 13688  
 13689  	if input == nil {
 13690  		input = &UntagResourceInput{}
 13691  	}
 13692  
 13693  	output = &UntagResourceOutput{}
 13694  	req = c.newRequest(op, input, output)
 13695  	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
 13696  	return
 13697  }
 13698  
 13699  // UntagResource API operation for AWS Organizations.
 13700  //
 13701  // Removes any tags with the specified keys from the specified resource.
 13702  //
 13703  // You can attach tags to the following resources in AWS Organizations.
 13704  //
 13705  //    * AWS account
 13706  //
 13707  //    * Organization root
 13708  //
 13709  //    * Organizational unit (OU)
 13710  //
 13711  //    * Policy (any type)
 13712  //
 13713  // This operation can be called only from the organization's management account.
 13714  //
 13715  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 13716  // with awserr.Error's Code and Message methods to get detailed information about
 13717  // the error.
 13718  //
 13719  // See the AWS API reference guide for AWS Organizations's
 13720  // API operation UntagResource for usage and error information.
 13721  //
 13722  // Returned Error Types:
 13723  //   * AccessDeniedException
 13724  //   You don't have permissions to perform the requested operation. The user or
 13725  //   role that is making the request must have at least one IAM permissions policy
 13726  //   attached that grants the required permissions. For more information, see
 13727  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 13728  //   in the IAM User Guide.
 13729  //
 13730  //   * ConcurrentModificationException
 13731  //   The target of the operation is currently being modified by a different request.
 13732  //   Try again later.
 13733  //
 13734  //   * AWSOrganizationsNotInUseException
 13735  //   Your account isn't a member of an organization. To make this request, you
 13736  //   must use the credentials of an account that belongs to an organization.
 13737  //
 13738  //   * TargetNotFoundException
 13739  //   We can't find a root, OU, account, or policy with the TargetId that you specified.
 13740  //
 13741  //   * ConstraintViolationException
 13742  //   Performing this operation violates a minimum or maximum value limit. For
 13743  //   example, attempting to remove the last service control policy (SCP) from
 13744  //   an OU or root, inviting or creating too many accounts to the organization,
 13745  //   or attaching too many policies to an account, OU, or root. This exception
 13746  //   includes a reason that contains additional information about the violated
 13747  //   limit:
 13748  //
 13749  //   Some of the reasons in the following list might not be applicable to this
 13750  //   specific API or operation.
 13751  //
 13752  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
 13753  //      account from the organization. You can't remove the management account.
 13754  //      Instead, after you remove all member accounts, delete the organization
 13755  //      itself.
 13756  //
 13757  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
 13758  //      from the organization that doesn't yet have enough information to exist
 13759  //      as a standalone account. This account requires you to first agree to the
 13760  //      AWS Customer Agreement. Follow the steps at Removing a member account
 13761  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
 13762  //      the AWS Organizations User Guide.
 13763  //
 13764  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
 13765  //      an account from the organization that doesn't yet have enough information
 13766  //      to exist as a standalone account. This account requires you to first complete
 13767  //      phone verification. Follow the steps at Removing a member account from
 13768  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
 13769  //      in the AWS Organizations User Guide.
 13770  //
 13771  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
 13772  //      of accounts that you can create in one day.
 13773  //
 13774  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
 13775  //      the number of accounts in an organization. If you need more accounts,
 13776  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
 13777  //      request an increase in your limit. Or the number of invitations that you
 13778  //      tried to send would cause you to exceed the limit of accounts in your
 13779  //      organization. Send fewer invitations or contact AWS Support to request
 13780  //      an increase in the number of accounts. Deleted and closed accounts still
 13781  //      count toward your limit. If you get this exception when running a command
 13782  //      immediately after creating the organization, wait one hour and try again.
 13783  //      After an hour, if the command continues to fail with this error, contact
 13784  //      AWS Support (https://console.aws.amazon.com/support/home#/).
 13785  //
 13786  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
 13787  //      register the management account of the organization as a delegated administrator
 13788  //      for an AWS service integrated with Organizations. You can designate only
 13789  //      a member account as a delegated administrator.
 13790  //
 13791  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
 13792  //      an account that is registered as a delegated administrator for a service
 13793  //      integrated with your organization. To complete this operation, you must
 13794  //      first deregister this account as a delegated administrator.
 13795  //
 13796  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
 13797  //      organization in the specified region, you must enable all features mode.
 13798  //
 13799  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
 13800  //      an AWS account as a delegated administrator for an AWS service that already
 13801  //      has a delegated administrator. To complete this operation, you must first
 13802  //      deregister any existing delegated administrators for this service.
 13803  //
 13804  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
 13805  //      valid for a limited period of time. You must resubmit the request and
 13806  //      generate a new verfication code.
 13807  //
 13808  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
 13809  //      handshakes that you can send in one day.
 13810  //
 13811  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
 13812  //      in this organization, you first must migrate the organization's management
 13813  //      account to the marketplace that corresponds to the management account's
 13814  //      address. For example, accounts with India addresses must be associated
 13815  //      with the AISPL marketplace. All accounts in an organization must be associated
 13816  //      with the same marketplace.
 13817  //
 13818  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
 13819  //      in China. To create an organization, the master must have a valid business
 13820  //      license. For more information, contact customer support.
 13821  //
 13822  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
 13823  //      must first provide a valid contact address and phone number for the management
 13824  //      account. Then try the operation again.
 13825  //
 13826  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
 13827  //      management account must have an associated account in the AWS GovCloud
 13828  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
 13829  //      in the AWS GovCloud User Guide.
 13830  //
 13831  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
 13832  //      with this management account, you first must associate a valid payment
 13833  //      instrument, such as a credit card, with the account. Follow the steps
 13834  //      at To leave an organization when all required account information has
 13835  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 13836  //      in the AWS Organizations User Guide.
 13837  //
 13838  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
 13839  //      to register more delegated administrators than allowed for the service
 13840  //      principal.
 13841  //
 13842  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
 13843  //      number of policies of a certain type that can be attached to an entity
 13844  //      at one time.
 13845  //
 13846  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
 13847  //      on this resource.
 13848  //
 13849  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
 13850  //      with this member account, you first must associate a valid payment instrument,
 13851  //      such as a credit card, with the account. Follow the steps at To leave
 13852  //      an organization when all required account information has not yet been
 13853  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 13854  //      in the AWS Organizations User Guide.
 13855  //
 13856  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
 13857  //      policy from an entity that would cause the entity to have fewer than the
 13858  //      minimum number of policies of a certain type required.
 13859  //
 13860  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
 13861  //      that requires the organization to be configured to support all features.
 13862  //      An organization that supports only consolidated billing features can't
 13863  //      perform this operation.
 13864  //
 13865  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
 13866  //      too many levels deep.
 13867  //
 13868  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
 13869  //      that you can have in an organization.
 13870  //
 13871  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
 13872  //      is larger than the maximum size.
 13873  //
 13874  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
 13875  //      policies that you can have in an organization.
 13876  //
 13877  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
 13878  //      tags that are not compliant with the tag policy requirements for this
 13879  //      account.
 13880  //
 13881  //   * InvalidInputException
 13882  //   The requested operation failed because you provided invalid values for one
 13883  //   or more of the request parameters. This exception includes a reason that
 13884  //   contains additional information about the violated limit:
 13885  //
 13886  //   Some of the reasons in the following list might not be applicable to this
 13887  //   specific API or operation.
 13888  //
 13889  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 13890  //      the same entity.
 13891  //
 13892  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 13893  //      can't be modified.
 13894  //
 13895  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 13896  //
 13897  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 13898  //      for the invited account owner.
 13899  //
 13900  //      * INVALID_ENUM: You specified an invalid value.
 13901  //
 13902  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 13903  //
 13904  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 13905  //      characters.
 13906  //
 13907  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 13908  //      at least one invalid value.
 13909  //
 13910  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 13911  //      from the response to a previous call of the operation.
 13912  //
 13913  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 13914  //      organization, or email) as a party.
 13915  //
 13916  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 13917  //      pattern.
 13918  //
 13919  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 13920  //      match the required pattern.
 13921  //
 13922  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 13923  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 13924  //
 13925  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 13926  //      Name (ARN) for the organization.
 13927  //
 13928  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 13929  //
 13930  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 13931  //      tag. You can’t add, edit, or delete system tag keys because they're
 13932  //      reserved for AWS use. System tags don’t count against your tags per
 13933  //      resource limit.
 13934  //
 13935  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 13936  //      for the operation.
 13937  //
 13938  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 13939  //      than allowed.
 13940  //
 13941  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 13942  //      value than allowed.
 13943  //
 13944  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 13945  //      than allowed.
 13946  //
 13947  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 13948  //      value than allowed.
 13949  //
 13950  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 13951  //      between entities in the same root.
 13952  //
 13953  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 13954  //      target entity.
 13955  //
 13956  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 13957  //      isn't recognized.
 13958  //
 13959  //   * ServiceException
 13960  //   AWS Organizations can't complete your request because of an internal service
 13961  //   error. Try again later.
 13962  //
 13963  //   * TooManyRequestsException
 13964  //   You have sent too many requests in too short a period of time. The quota
 13965  //   helps protect against denial-of-service attacks. Try again later.
 13966  //
 13967  //   For information about quotas that affect AWS Organizations, see Quotas for
 13968  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 13969  //   the AWS Organizations User Guide.
 13970  //
 13971  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UntagResource
 13972  func (c *Organizations) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
 13973  	req, out := c.UntagResourceRequest(input)
 13974  	return out, req.Send()
 13975  }
 13976  
 13977  // UntagResourceWithContext is the same as UntagResource with the addition of
 13978  // the ability to pass a context and additional request options.
 13979  //
 13980  // See UntagResource for details on how to use this API operation.
 13981  //
 13982  // The context must be non-nil and will be used for request cancellation. If
 13983  // the context is nil a panic will occur. In the future the SDK may create
 13984  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 13985  // for more information on using Contexts.
 13986  func (c *Organizations) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
 13987  	req, out := c.UntagResourceRequest(input)
 13988  	req.SetContext(ctx)
 13989  	req.ApplyOptions(opts...)
 13990  	return out, req.Send()
 13991  }
 13992  
 13993  const opUpdateOrganizationalUnit = "UpdateOrganizationalUnit"
 13994  
 13995  // UpdateOrganizationalUnitRequest generates a "aws/request.Request" representing the
 13996  // client's request for the UpdateOrganizationalUnit operation. The "output" return
 13997  // value will be populated with the request's response once the request completes
 13998  // successfully.
 13999  //
 14000  // Use "Send" method on the returned Request to send the API call to the service.
 14001  // the "output" return value is not valid until after Send returns without error.
 14002  //
 14003  // See UpdateOrganizationalUnit for more information on using the UpdateOrganizationalUnit
 14004  // API call, and error handling.
 14005  //
 14006  // This method is useful when you want to inject custom logic or configuration
 14007  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 14008  //
 14009  //
 14010  //    // Example sending a request using the UpdateOrganizationalUnitRequest method.
 14011  //    req, resp := client.UpdateOrganizationalUnitRequest(params)
 14012  //
 14013  //    err := req.Send()
 14014  //    if err == nil { // resp is now filled
 14015  //        fmt.Println(resp)
 14016  //    }
 14017  //
 14018  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
 14019  func (c *Organizations) UpdateOrganizationalUnitRequest(input *UpdateOrganizationalUnitInput) (req *request.Request, output *UpdateOrganizationalUnitOutput) {
 14020  	op := &request.Operation{
 14021  		Name:       opUpdateOrganizationalUnit,
 14022  		HTTPMethod: "POST",
 14023  		HTTPPath:   "/",
 14024  	}
 14025  
 14026  	if input == nil {
 14027  		input = &UpdateOrganizationalUnitInput{}
 14028  	}
 14029  
 14030  	output = &UpdateOrganizationalUnitOutput{}
 14031  	req = c.newRequest(op, input, output)
 14032  	return
 14033  }
 14034  
 14035  // UpdateOrganizationalUnit API operation for AWS Organizations.
 14036  //
 14037  // Renames the specified organizational unit (OU). The ID and ARN don't change.
 14038  // The child OUs and accounts remain in place, and any attached policies of
 14039  // the OU remain attached.
 14040  //
 14041  // This operation can be called only from the organization's management account.
 14042  //
 14043  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 14044  // with awserr.Error's Code and Message methods to get detailed information about
 14045  // the error.
 14046  //
 14047  // See the AWS API reference guide for AWS Organizations's
 14048  // API operation UpdateOrganizationalUnit for usage and error information.
 14049  //
 14050  // Returned Error Types:
 14051  //   * AccessDeniedException
 14052  //   You don't have permissions to perform the requested operation. The user or
 14053  //   role that is making the request must have at least one IAM permissions policy
 14054  //   attached that grants the required permissions. For more information, see
 14055  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 14056  //   in the IAM User Guide.
 14057  //
 14058  //   * AWSOrganizationsNotInUseException
 14059  //   Your account isn't a member of an organization. To make this request, you
 14060  //   must use the credentials of an account that belongs to an organization.
 14061  //
 14062  //   * ConcurrentModificationException
 14063  //   The target of the operation is currently being modified by a different request.
 14064  //   Try again later.
 14065  //
 14066  //   * DuplicateOrganizationalUnitException
 14067  //   An OU with the same name already exists.
 14068  //
 14069  //   * InvalidInputException
 14070  //   The requested operation failed because you provided invalid values for one
 14071  //   or more of the request parameters. This exception includes a reason that
 14072  //   contains additional information about the violated limit:
 14073  //
 14074  //   Some of the reasons in the following list might not be applicable to this
 14075  //   specific API or operation.
 14076  //
 14077  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 14078  //      the same entity.
 14079  //
 14080  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 14081  //      can't be modified.
 14082  //
 14083  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 14084  //
 14085  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 14086  //      for the invited account owner.
 14087  //
 14088  //      * INVALID_ENUM: You specified an invalid value.
 14089  //
 14090  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 14091  //
 14092  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 14093  //      characters.
 14094  //
 14095  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 14096  //      at least one invalid value.
 14097  //
 14098  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 14099  //      from the response to a previous call of the operation.
 14100  //
 14101  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 14102  //      organization, or email) as a party.
 14103  //
 14104  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 14105  //      pattern.
 14106  //
 14107  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 14108  //      match the required pattern.
 14109  //
 14110  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 14111  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 14112  //
 14113  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 14114  //      Name (ARN) for the organization.
 14115  //
 14116  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 14117  //
 14118  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 14119  //      tag. You can’t add, edit, or delete system tag keys because they're
 14120  //      reserved for AWS use. System tags don’t count against your tags per
 14121  //      resource limit.
 14122  //
 14123  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 14124  //      for the operation.
 14125  //
 14126  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 14127  //      than allowed.
 14128  //
 14129  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 14130  //      value than allowed.
 14131  //
 14132  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 14133  //      than allowed.
 14134  //
 14135  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 14136  //      value than allowed.
 14137  //
 14138  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 14139  //      between entities in the same root.
 14140  //
 14141  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 14142  //      target entity.
 14143  //
 14144  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 14145  //      isn't recognized.
 14146  //
 14147  //   * OrganizationalUnitNotFoundException
 14148  //   We can't find an OU with the OrganizationalUnitId that you specified.
 14149  //
 14150  //   * ServiceException
 14151  //   AWS Organizations can't complete your request because of an internal service
 14152  //   error. Try again later.
 14153  //
 14154  //   * TooManyRequestsException
 14155  //   You have sent too many requests in too short a period of time. The quota
 14156  //   helps protect against denial-of-service attacks. Try again later.
 14157  //
 14158  //   For information about quotas that affect AWS Organizations, see Quotas for
 14159  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 14160  //   the AWS Organizations User Guide.
 14161  //
 14162  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdateOrganizationalUnit
 14163  func (c *Organizations) UpdateOrganizationalUnit(input *UpdateOrganizationalUnitInput) (*UpdateOrganizationalUnitOutput, error) {
 14164  	req, out := c.UpdateOrganizationalUnitRequest(input)
 14165  	return out, req.Send()
 14166  }
 14167  
 14168  // UpdateOrganizationalUnitWithContext is the same as UpdateOrganizationalUnit with the addition of
 14169  // the ability to pass a context and additional request options.
 14170  //
 14171  // See UpdateOrganizationalUnit for details on how to use this API operation.
 14172  //
 14173  // The context must be non-nil and will be used for request cancellation. If
 14174  // the context is nil a panic will occur. In the future the SDK may create
 14175  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 14176  // for more information on using Contexts.
 14177  func (c *Organizations) UpdateOrganizationalUnitWithContext(ctx aws.Context, input *UpdateOrganizationalUnitInput, opts ...request.Option) (*UpdateOrganizationalUnitOutput, error) {
 14178  	req, out := c.UpdateOrganizationalUnitRequest(input)
 14179  	req.SetContext(ctx)
 14180  	req.ApplyOptions(opts...)
 14181  	return out, req.Send()
 14182  }
 14183  
 14184  const opUpdatePolicy = "UpdatePolicy"
 14185  
 14186  // UpdatePolicyRequest generates a "aws/request.Request" representing the
 14187  // client's request for the UpdatePolicy operation. The "output" return
 14188  // value will be populated with the request's response once the request completes
 14189  // successfully.
 14190  //
 14191  // Use "Send" method on the returned Request to send the API call to the service.
 14192  // the "output" return value is not valid until after Send returns without error.
 14193  //
 14194  // See UpdatePolicy for more information on using the UpdatePolicy
 14195  // API call, and error handling.
 14196  //
 14197  // This method is useful when you want to inject custom logic or configuration
 14198  // into the SDK's request lifecycle. Such as custom headers, or retry logic.
 14199  //
 14200  //
 14201  //    // Example sending a request using the UpdatePolicyRequest method.
 14202  //    req, resp := client.UpdatePolicyRequest(params)
 14203  //
 14204  //    err := req.Send()
 14205  //    if err == nil { // resp is now filled
 14206  //        fmt.Println(resp)
 14207  //    }
 14208  //
 14209  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
 14210  func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *request.Request, output *UpdatePolicyOutput) {
 14211  	op := &request.Operation{
 14212  		Name:       opUpdatePolicy,
 14213  		HTTPMethod: "POST",
 14214  		HTTPPath:   "/",
 14215  	}
 14216  
 14217  	if input == nil {
 14218  		input = &UpdatePolicyInput{}
 14219  	}
 14220  
 14221  	output = &UpdatePolicyOutput{}
 14222  	req = c.newRequest(op, input, output)
 14223  	return
 14224  }
 14225  
 14226  // UpdatePolicy API operation for AWS Organizations.
 14227  //
 14228  // Updates an existing policy with a new name, description, or content. If you
 14229  // don't supply any parameter, that value remains unchanged. You can't change
 14230  // a policy's type.
 14231  //
 14232  // This operation can be called only from the organization's management account.
 14233  //
 14234  // Returns awserr.Error for service API and SDK errors. Use runtime type assertions
 14235  // with awserr.Error's Code and Message methods to get detailed information about
 14236  // the error.
 14237  //
 14238  // See the AWS API reference guide for AWS Organizations's
 14239  // API operation UpdatePolicy for usage and error information.
 14240  //
 14241  // Returned Error Types:
 14242  //   * AccessDeniedException
 14243  //   You don't have permissions to perform the requested operation. The user or
 14244  //   role that is making the request must have at least one IAM permissions policy
 14245  //   attached that grants the required permissions. For more information, see
 14246  //   Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 14247  //   in the IAM User Guide.
 14248  //
 14249  //   * AWSOrganizationsNotInUseException
 14250  //   Your account isn't a member of an organization. To make this request, you
 14251  //   must use the credentials of an account that belongs to an organization.
 14252  //
 14253  //   * ConcurrentModificationException
 14254  //   The target of the operation is currently being modified by a different request.
 14255  //   Try again later.
 14256  //
 14257  //   * ConstraintViolationException
 14258  //   Performing this operation violates a minimum or maximum value limit. For
 14259  //   example, attempting to remove the last service control policy (SCP) from
 14260  //   an OU or root, inviting or creating too many accounts to the organization,
 14261  //   or attaching too many policies to an account, OU, or root. This exception
 14262  //   includes a reason that contains additional information about the violated
 14263  //   limit:
 14264  //
 14265  //   Some of the reasons in the following list might not be applicable to this
 14266  //   specific API or operation.
 14267  //
 14268  //      * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
 14269  //      account from the organization. You can't remove the management account.
 14270  //      Instead, after you remove all member accounts, delete the organization
 14271  //      itself.
 14272  //
 14273  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
 14274  //      from the organization that doesn't yet have enough information to exist
 14275  //      as a standalone account. This account requires you to first agree to the
 14276  //      AWS Customer Agreement. Follow the steps at Removing a member account
 14277  //      from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
 14278  //      the AWS Organizations User Guide.
 14279  //
 14280  //      * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
 14281  //      an account from the organization that doesn't yet have enough information
 14282  //      to exist as a standalone account. This account requires you to first complete
 14283  //      phone verification. Follow the steps at Removing a member account from
 14284  //      your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
 14285  //      in the AWS Organizations User Guide.
 14286  //
 14287  //      * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
 14288  //      of accounts that you can create in one day.
 14289  //
 14290  //      * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
 14291  //      the number of accounts in an organization. If you need more accounts,
 14292  //      contact AWS Support (https://console.aws.amazon.com/support/home#/) to
 14293  //      request an increase in your limit. Or the number of invitations that you
 14294  //      tried to send would cause you to exceed the limit of accounts in your
 14295  //      organization. Send fewer invitations or contact AWS Support to request
 14296  //      an increase in the number of accounts. Deleted and closed accounts still
 14297  //      count toward your limit. If you get this exception when running a command
 14298  //      immediately after creating the organization, wait one hour and try again.
 14299  //      After an hour, if the command continues to fail with this error, contact
 14300  //      AWS Support (https://console.aws.amazon.com/support/home#/).
 14301  //
 14302  //      * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
 14303  //      register the management account of the organization as a delegated administrator
 14304  //      for an AWS service integrated with Organizations. You can designate only
 14305  //      a member account as a delegated administrator.
 14306  //
 14307  //      * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
 14308  //      an account that is registered as a delegated administrator for a service
 14309  //      integrated with your organization. To complete this operation, you must
 14310  //      first deregister this account as a delegated administrator.
 14311  //
 14312  //      * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
 14313  //      organization in the specified region, you must enable all features mode.
 14314  //
 14315  //      * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
 14316  //      an AWS account as a delegated administrator for an AWS service that already
 14317  //      has a delegated administrator. To complete this operation, you must first
 14318  //      deregister any existing delegated administrators for this service.
 14319  //
 14320  //      * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
 14321  //      valid for a limited period of time. You must resubmit the request and
 14322  //      generate a new verfication code.
 14323  //
 14324  //      * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
 14325  //      handshakes that you can send in one day.
 14326  //
 14327  //      * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
 14328  //      in this organization, you first must migrate the organization's management
 14329  //      account to the marketplace that corresponds to the management account's
 14330  //      address. For example, accounts with India addresses must be associated
 14331  //      with the AISPL marketplace. All accounts in an organization must be associated
 14332  //      with the same marketplace.
 14333  //
 14334  //      * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
 14335  //      in China. To create an organization, the master must have a valid business
 14336  //      license. For more information, contact customer support.
 14337  //
 14338  //      * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
 14339  //      must first provide a valid contact address and phone number for the management
 14340  //      account. Then try the operation again.
 14341  //
 14342  //      * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
 14343  //      management account must have an associated account in the AWS GovCloud
 14344  //      (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
 14345  //      in the AWS GovCloud User Guide.
 14346  //
 14347  //      * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
 14348  //      with this management account, you first must associate a valid payment
 14349  //      instrument, such as a credit card, with the account. Follow the steps
 14350  //      at To leave an organization when all required account information has
 14351  //      not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 14352  //      in the AWS Organizations User Guide.
 14353  //
 14354  //      * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
 14355  //      to register more delegated administrators than allowed for the service
 14356  //      principal.
 14357  //
 14358  //      * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
 14359  //      number of policies of a certain type that can be attached to an entity
 14360  //      at one time.
 14361  //
 14362  //      * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
 14363  //      on this resource.
 14364  //
 14365  //      * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
 14366  //      with this member account, you first must associate a valid payment instrument,
 14367  //      such as a credit card, with the account. Follow the steps at To leave
 14368  //      an organization when all required account information has not yet been
 14369  //      provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 14370  //      in the AWS Organizations User Guide.
 14371  //
 14372  //      * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
 14373  //      policy from an entity that would cause the entity to have fewer than the
 14374  //      minimum number of policies of a certain type required.
 14375  //
 14376  //      * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
 14377  //      that requires the organization to be configured to support all features.
 14378  //      An organization that supports only consolidated billing features can't
 14379  //      perform this operation.
 14380  //
 14381  //      * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
 14382  //      too many levels deep.
 14383  //
 14384  //      * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
 14385  //      that you can have in an organization.
 14386  //
 14387  //      * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
 14388  //      is larger than the maximum size.
 14389  //
 14390  //      * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
 14391  //      policies that you can have in an organization.
 14392  //
 14393  //      * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
 14394  //      tags that are not compliant with the tag policy requirements for this
 14395  //      account.
 14396  //
 14397  //   * DuplicatePolicyException
 14398  //   A policy with the same name already exists.
 14399  //
 14400  //   * InvalidInputException
 14401  //   The requested operation failed because you provided invalid values for one
 14402  //   or more of the request parameters. This exception includes a reason that
 14403  //   contains additional information about the violated limit:
 14404  //
 14405  //   Some of the reasons in the following list might not be applicable to this
 14406  //   specific API or operation.
 14407  //
 14408  //      * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 14409  //      the same entity.
 14410  //
 14411  //      * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 14412  //      can't be modified.
 14413  //
 14414  //      * INPUT_REQUIRED: You must include a value for all required parameters.
 14415  //
 14416  //      * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 14417  //      for the invited account owner.
 14418  //
 14419  //      * INVALID_ENUM: You specified an invalid value.
 14420  //
 14421  //      * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 14422  //
 14423  //      * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 14424  //      characters.
 14425  //
 14426  //      * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 14427  //      at least one invalid value.
 14428  //
 14429  //      * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 14430  //      from the response to a previous call of the operation.
 14431  //
 14432  //      * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 14433  //      organization, or email) as a party.
 14434  //
 14435  //      * INVALID_PATTERN: You provided a value that doesn't match the required
 14436  //      pattern.
 14437  //
 14438  //      * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 14439  //      match the required pattern.
 14440  //
 14441  //      * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 14442  //      name can't begin with the reserved prefix AWSServiceRoleFor.
 14443  //
 14444  //      * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 14445  //      Name (ARN) for the organization.
 14446  //
 14447  //      * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 14448  //
 14449  //      * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 14450  //      tag. You can’t add, edit, or delete system tag keys because they're
 14451  //      reserved for AWS use. System tags don’t count against your tags per
 14452  //      resource limit.
 14453  //
 14454  //      * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 14455  //      for the operation.
 14456  //
 14457  //      * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 14458  //      than allowed.
 14459  //
 14460  //      * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 14461  //      value than allowed.
 14462  //
 14463  //      * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 14464  //      than allowed.
 14465  //
 14466  //      * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 14467  //      value than allowed.
 14468  //
 14469  //      * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 14470  //      between entities in the same root.
 14471  //
 14472  //      * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 14473  //      target entity.
 14474  //
 14475  //      * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 14476  //      isn't recognized.
 14477  //
 14478  //   * MalformedPolicyDocumentException
 14479  //   The provided policy document doesn't meet the requirements of the specified
 14480  //   policy type. For example, the syntax might be incorrect. For details about
 14481  //   service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
 14482  //   in the AWS Organizations User Guide.
 14483  //
 14484  //   * PolicyNotFoundException
 14485  //   We can't find a policy with the PolicyId that you specified.
 14486  //
 14487  //   * ServiceException
 14488  //   AWS Organizations can't complete your request because of an internal service
 14489  //   error. Try again later.
 14490  //
 14491  //   * TooManyRequestsException
 14492  //   You have sent too many requests in too short a period of time. The quota
 14493  //   helps protect against denial-of-service attacks. Try again later.
 14494  //
 14495  //   For information about quotas that affect AWS Organizations, see Quotas for
 14496  //   AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 14497  //   the AWS Organizations User Guide.
 14498  //
 14499  //   * UnsupportedAPIEndpointException
 14500  //   This action isn't available in the current AWS Region.
 14501  //
 14502  //   * PolicyChangesInProgressException
 14503  //   Changes to the effective policy are in progress, and its contents can't be
 14504  //   returned. Try the operation again later.
 14505  //
 14506  // See also, https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28/UpdatePolicy
 14507  func (c *Organizations) UpdatePolicy(input *UpdatePolicyInput) (*UpdatePolicyOutput, error) {
 14508  	req, out := c.UpdatePolicyRequest(input)
 14509  	return out, req.Send()
 14510  }
 14511  
 14512  // UpdatePolicyWithContext is the same as UpdatePolicy with the addition of
 14513  // the ability to pass a context and additional request options.
 14514  //
 14515  // See UpdatePolicy for details on how to use this API operation.
 14516  //
 14517  // The context must be non-nil and will be used for request cancellation. If
 14518  // the context is nil a panic will occur. In the future the SDK may create
 14519  // sub-contexts for http.Requests. See https://golang.org/pkg/context/
 14520  // for more information on using Contexts.
 14521  func (c *Organizations) UpdatePolicyWithContext(ctx aws.Context, input *UpdatePolicyInput, opts ...request.Option) (*UpdatePolicyOutput, error) {
 14522  	req, out := c.UpdatePolicyRequest(input)
 14523  	req.SetContext(ctx)
 14524  	req.ApplyOptions(opts...)
 14525  	return out, req.Send()
 14526  }
 14527  
 14528  // Your account isn't a member of an organization. To make this request, you
 14529  // must use the credentials of an account that belongs to an organization.
 14530  type AWSOrganizationsNotInUseException struct {
 14531  	_            struct{}                  `type:"structure"`
 14532  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 14533  
 14534  	Message_ *string `locationName:"Message" type:"string"`
 14535  }
 14536  
 14537  // String returns the string representation.
 14538  //
 14539  // API parameter values that are decorated as "sensitive" in the API will not
 14540  // be included in the string output. The member name will be present, but the
 14541  // value will be replaced with "sensitive".
 14542  func (s AWSOrganizationsNotInUseException) String() string {
 14543  	return awsutil.Prettify(s)
 14544  }
 14545  
 14546  // GoString returns the string representation.
 14547  //
 14548  // API parameter values that are decorated as "sensitive" in the API will not
 14549  // be included in the string output. The member name will be present, but the
 14550  // value will be replaced with "sensitive".
 14551  func (s AWSOrganizationsNotInUseException) GoString() string {
 14552  	return s.String()
 14553  }
 14554  
 14555  func newErrorAWSOrganizationsNotInUseException(v protocol.ResponseMetadata) error {
 14556  	return &AWSOrganizationsNotInUseException{
 14557  		RespMetadata: v,
 14558  	}
 14559  }
 14560  
 14561  // Code returns the exception type name.
 14562  func (s *AWSOrganizationsNotInUseException) Code() string {
 14563  	return "AWSOrganizationsNotInUseException"
 14564  }
 14565  
 14566  // Message returns the exception's message.
 14567  func (s *AWSOrganizationsNotInUseException) Message() string {
 14568  	if s.Message_ != nil {
 14569  		return *s.Message_
 14570  	}
 14571  	return ""
 14572  }
 14573  
 14574  // OrigErr always returns nil, satisfies awserr.Error interface.
 14575  func (s *AWSOrganizationsNotInUseException) OrigErr() error {
 14576  	return nil
 14577  }
 14578  
 14579  func (s *AWSOrganizationsNotInUseException) Error() string {
 14580  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 14581  }
 14582  
 14583  // Status code returns the HTTP status code for the request's response error.
 14584  func (s *AWSOrganizationsNotInUseException) StatusCode() int {
 14585  	return s.RespMetadata.StatusCode
 14586  }
 14587  
 14588  // RequestID returns the service's response RequestID for request.
 14589  func (s *AWSOrganizationsNotInUseException) RequestID() string {
 14590  	return s.RespMetadata.RequestID
 14591  }
 14592  
 14593  type AcceptHandshakeInput struct {
 14594  	_ struct{} `type:"structure"`
 14595  
 14596  	// The unique identifier (ID) of the handshake that you want to accept.
 14597  	//
 14598  	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
 14599  	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
 14600  	//
 14601  	// HandshakeId is a required field
 14602  	HandshakeId *string `type:"string" required:"true"`
 14603  }
 14604  
 14605  // String returns the string representation.
 14606  //
 14607  // API parameter values that are decorated as "sensitive" in the API will not
 14608  // be included in the string output. The member name will be present, but the
 14609  // value will be replaced with "sensitive".
 14610  func (s AcceptHandshakeInput) String() string {
 14611  	return awsutil.Prettify(s)
 14612  }
 14613  
 14614  // GoString returns the string representation.
 14615  //
 14616  // API parameter values that are decorated as "sensitive" in the API will not
 14617  // be included in the string output. The member name will be present, but the
 14618  // value will be replaced with "sensitive".
 14619  func (s AcceptHandshakeInput) GoString() string {
 14620  	return s.String()
 14621  }
 14622  
 14623  // Validate inspects the fields of the type to determine if they are valid.
 14624  func (s *AcceptHandshakeInput) Validate() error {
 14625  	invalidParams := request.ErrInvalidParams{Context: "AcceptHandshakeInput"}
 14626  	if s.HandshakeId == nil {
 14627  		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
 14628  	}
 14629  
 14630  	if invalidParams.Len() > 0 {
 14631  		return invalidParams
 14632  	}
 14633  	return nil
 14634  }
 14635  
 14636  // SetHandshakeId sets the HandshakeId field's value.
 14637  func (s *AcceptHandshakeInput) SetHandshakeId(v string) *AcceptHandshakeInput {
 14638  	s.HandshakeId = &v
 14639  	return s
 14640  }
 14641  
 14642  type AcceptHandshakeOutput struct {
 14643  	_ struct{} `type:"structure"`
 14644  
 14645  	// A structure that contains details about the accepted handshake.
 14646  	Handshake *Handshake `type:"structure"`
 14647  }
 14648  
 14649  // String returns the string representation.
 14650  //
 14651  // API parameter values that are decorated as "sensitive" in the API will not
 14652  // be included in the string output. The member name will be present, but the
 14653  // value will be replaced with "sensitive".
 14654  func (s AcceptHandshakeOutput) String() string {
 14655  	return awsutil.Prettify(s)
 14656  }
 14657  
 14658  // GoString returns the string representation.
 14659  //
 14660  // API parameter values that are decorated as "sensitive" in the API will not
 14661  // be included in the string output. The member name will be present, but the
 14662  // value will be replaced with "sensitive".
 14663  func (s AcceptHandshakeOutput) GoString() string {
 14664  	return s.String()
 14665  }
 14666  
 14667  // SetHandshake sets the Handshake field's value.
 14668  func (s *AcceptHandshakeOutput) SetHandshake(v *Handshake) *AcceptHandshakeOutput {
 14669  	s.Handshake = v
 14670  	return s
 14671  }
 14672  
 14673  // You don't have permissions to perform the requested operation. The user or
 14674  // role that is making the request must have at least one IAM permissions policy
 14675  // attached that grants the required permissions. For more information, see
 14676  // Access Management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html)
 14677  // in the IAM User Guide.
 14678  type AccessDeniedException struct {
 14679  	_            struct{}                  `type:"structure"`
 14680  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 14681  
 14682  	Message_ *string `locationName:"Message" type:"string"`
 14683  }
 14684  
 14685  // String returns the string representation.
 14686  //
 14687  // API parameter values that are decorated as "sensitive" in the API will not
 14688  // be included in the string output. The member name will be present, but the
 14689  // value will be replaced with "sensitive".
 14690  func (s AccessDeniedException) String() string {
 14691  	return awsutil.Prettify(s)
 14692  }
 14693  
 14694  // GoString returns the string representation.
 14695  //
 14696  // API parameter values that are decorated as "sensitive" in the API will not
 14697  // be included in the string output. The member name will be present, but the
 14698  // value will be replaced with "sensitive".
 14699  func (s AccessDeniedException) GoString() string {
 14700  	return s.String()
 14701  }
 14702  
 14703  func newErrorAccessDeniedException(v protocol.ResponseMetadata) error {
 14704  	return &AccessDeniedException{
 14705  		RespMetadata: v,
 14706  	}
 14707  }
 14708  
 14709  // Code returns the exception type name.
 14710  func (s *AccessDeniedException) Code() string {
 14711  	return "AccessDeniedException"
 14712  }
 14713  
 14714  // Message returns the exception's message.
 14715  func (s *AccessDeniedException) Message() string {
 14716  	if s.Message_ != nil {
 14717  		return *s.Message_
 14718  	}
 14719  	return ""
 14720  }
 14721  
 14722  // OrigErr always returns nil, satisfies awserr.Error interface.
 14723  func (s *AccessDeniedException) OrigErr() error {
 14724  	return nil
 14725  }
 14726  
 14727  func (s *AccessDeniedException) Error() string {
 14728  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 14729  }
 14730  
 14731  // Status code returns the HTTP status code for the request's response error.
 14732  func (s *AccessDeniedException) StatusCode() int {
 14733  	return s.RespMetadata.StatusCode
 14734  }
 14735  
 14736  // RequestID returns the service's response RequestID for request.
 14737  func (s *AccessDeniedException) RequestID() string {
 14738  	return s.RespMetadata.RequestID
 14739  }
 14740  
 14741  // The operation that you attempted requires you to have the iam:CreateServiceLinkedRole
 14742  // for organizations.amazonaws.com permission so that AWS Organizations can
 14743  // create the required service-linked role. You don't have that permission.
 14744  type AccessDeniedForDependencyException struct {
 14745  	_            struct{}                  `type:"structure"`
 14746  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 14747  
 14748  	Message_ *string `locationName:"Message" type:"string"`
 14749  
 14750  	Reason *string `type:"string" enum:"AccessDeniedForDependencyExceptionReason"`
 14751  }
 14752  
 14753  // String returns the string representation.
 14754  //
 14755  // API parameter values that are decorated as "sensitive" in the API will not
 14756  // be included in the string output. The member name will be present, but the
 14757  // value will be replaced with "sensitive".
 14758  func (s AccessDeniedForDependencyException) String() string {
 14759  	return awsutil.Prettify(s)
 14760  }
 14761  
 14762  // GoString returns the string representation.
 14763  //
 14764  // API parameter values that are decorated as "sensitive" in the API will not
 14765  // be included in the string output. The member name will be present, but the
 14766  // value will be replaced with "sensitive".
 14767  func (s AccessDeniedForDependencyException) GoString() string {
 14768  	return s.String()
 14769  }
 14770  
 14771  func newErrorAccessDeniedForDependencyException(v protocol.ResponseMetadata) error {
 14772  	return &AccessDeniedForDependencyException{
 14773  		RespMetadata: v,
 14774  	}
 14775  }
 14776  
 14777  // Code returns the exception type name.
 14778  func (s *AccessDeniedForDependencyException) Code() string {
 14779  	return "AccessDeniedForDependencyException"
 14780  }
 14781  
 14782  // Message returns the exception's message.
 14783  func (s *AccessDeniedForDependencyException) Message() string {
 14784  	if s.Message_ != nil {
 14785  		return *s.Message_
 14786  	}
 14787  	return ""
 14788  }
 14789  
 14790  // OrigErr always returns nil, satisfies awserr.Error interface.
 14791  func (s *AccessDeniedForDependencyException) OrigErr() error {
 14792  	return nil
 14793  }
 14794  
 14795  func (s *AccessDeniedForDependencyException) Error() string {
 14796  	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
 14797  }
 14798  
 14799  // Status code returns the HTTP status code for the request's response error.
 14800  func (s *AccessDeniedForDependencyException) StatusCode() int {
 14801  	return s.RespMetadata.StatusCode
 14802  }
 14803  
 14804  // RequestID returns the service's response RequestID for request.
 14805  func (s *AccessDeniedForDependencyException) RequestID() string {
 14806  	return s.RespMetadata.RequestID
 14807  }
 14808  
 14809  // Contains information about an AWS account that is a member of an organization.
 14810  type Account struct {
 14811  	_ struct{} `type:"structure"`
 14812  
 14813  	// The Amazon Resource Name (ARN) of the account.
 14814  	//
 14815  	// For more information about ARNs in Organizations, see ARN Formats Supported
 14816  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 14817  	// in the AWS Service Authorization Reference.
 14818  	Arn *string `type:"string"`
 14819  
 14820  	// The email address associated with the AWS account.
 14821  	//
 14822  	// The regex pattern (http://wikipedia.org/wiki/regex) for this parameter is
 14823  	// a string of characters that represents a standard internet email address.
 14824  	//
 14825  	// Email is a sensitive parameter and its value will be
 14826  	// replaced with "sensitive" in string returned by Account's
 14827  	// String and GoString methods.
 14828  	Email *string `min:"6" type:"string" sensitive:"true"`
 14829  
 14830  	// The unique identifier (ID) of the account.
 14831  	//
 14832  	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
 14833  	// requires exactly 12 digits.
 14834  	Id *string `type:"string"`
 14835  
 14836  	// The method by which the account joined the organization.
 14837  	JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
 14838  
 14839  	// The date the account became a part of the organization.
 14840  	JoinedTimestamp *time.Time `type:"timestamp"`
 14841  
 14842  	// The friendly name of the account.
 14843  	//
 14844  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 14845  	// this parameter is a string of any of the characters in the ASCII character
 14846  	// range.
 14847  	//
 14848  	// Name is a sensitive parameter and its value will be
 14849  	// replaced with "sensitive" in string returned by Account's
 14850  	// String and GoString methods.
 14851  	Name *string `min:"1" type:"string" sensitive:"true"`
 14852  
 14853  	// The status of the account in the organization.
 14854  	Status *string `type:"string" enum:"AccountStatus"`
 14855  }
 14856  
 14857  // String returns the string representation.
 14858  //
 14859  // API parameter values that are decorated as "sensitive" in the API will not
 14860  // be included in the string output. The member name will be present, but the
 14861  // value will be replaced with "sensitive".
 14862  func (s Account) String() string {
 14863  	return awsutil.Prettify(s)
 14864  }
 14865  
 14866  // GoString returns the string representation.
 14867  //
 14868  // API parameter values that are decorated as "sensitive" in the API will not
 14869  // be included in the string output. The member name will be present, but the
 14870  // value will be replaced with "sensitive".
 14871  func (s Account) GoString() string {
 14872  	return s.String()
 14873  }
 14874  
 14875  // SetArn sets the Arn field's value.
 14876  func (s *Account) SetArn(v string) *Account {
 14877  	s.Arn = &v
 14878  	return s
 14879  }
 14880  
 14881  // SetEmail sets the Email field's value.
 14882  func (s *Account) SetEmail(v string) *Account {
 14883  	s.Email = &v
 14884  	return s
 14885  }
 14886  
 14887  // SetId sets the Id field's value.
 14888  func (s *Account) SetId(v string) *Account {
 14889  	s.Id = &v
 14890  	return s
 14891  }
 14892  
 14893  // SetJoinedMethod sets the JoinedMethod field's value.
 14894  func (s *Account) SetJoinedMethod(v string) *Account {
 14895  	s.JoinedMethod = &v
 14896  	return s
 14897  }
 14898  
 14899  // SetJoinedTimestamp sets the JoinedTimestamp field's value.
 14900  func (s *Account) SetJoinedTimestamp(v time.Time) *Account {
 14901  	s.JoinedTimestamp = &v
 14902  	return s
 14903  }
 14904  
 14905  // SetName sets the Name field's value.
 14906  func (s *Account) SetName(v string) *Account {
 14907  	s.Name = &v
 14908  	return s
 14909  }
 14910  
 14911  // SetStatus sets the Status field's value.
 14912  func (s *Account) SetStatus(v string) *Account {
 14913  	s.Status = &v
 14914  	return s
 14915  }
 14916  
 14917  // The specified account is already a delegated administrator for this AWS service.
 14918  type AccountAlreadyRegisteredException struct {
 14919  	_            struct{}                  `type:"structure"`
 14920  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 14921  
 14922  	Message_ *string `locationName:"Message" type:"string"`
 14923  }
 14924  
 14925  // String returns the string representation.
 14926  //
 14927  // API parameter values that are decorated as "sensitive" in the API will not
 14928  // be included in the string output. The member name will be present, but the
 14929  // value will be replaced with "sensitive".
 14930  func (s AccountAlreadyRegisteredException) String() string {
 14931  	return awsutil.Prettify(s)
 14932  }
 14933  
 14934  // GoString returns the string representation.
 14935  //
 14936  // API parameter values that are decorated as "sensitive" in the API will not
 14937  // be included in the string output. The member name will be present, but the
 14938  // value will be replaced with "sensitive".
 14939  func (s AccountAlreadyRegisteredException) GoString() string {
 14940  	return s.String()
 14941  }
 14942  
 14943  func newErrorAccountAlreadyRegisteredException(v protocol.ResponseMetadata) error {
 14944  	return &AccountAlreadyRegisteredException{
 14945  		RespMetadata: v,
 14946  	}
 14947  }
 14948  
 14949  // Code returns the exception type name.
 14950  func (s *AccountAlreadyRegisteredException) Code() string {
 14951  	return "AccountAlreadyRegisteredException"
 14952  }
 14953  
 14954  // Message returns the exception's message.
 14955  func (s *AccountAlreadyRegisteredException) Message() string {
 14956  	if s.Message_ != nil {
 14957  		return *s.Message_
 14958  	}
 14959  	return ""
 14960  }
 14961  
 14962  // OrigErr always returns nil, satisfies awserr.Error interface.
 14963  func (s *AccountAlreadyRegisteredException) OrigErr() error {
 14964  	return nil
 14965  }
 14966  
 14967  func (s *AccountAlreadyRegisteredException) Error() string {
 14968  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 14969  }
 14970  
 14971  // Status code returns the HTTP status code for the request's response error.
 14972  func (s *AccountAlreadyRegisteredException) StatusCode() int {
 14973  	return s.RespMetadata.StatusCode
 14974  }
 14975  
 14976  // RequestID returns the service's response RequestID for request.
 14977  func (s *AccountAlreadyRegisteredException) RequestID() string {
 14978  	return s.RespMetadata.RequestID
 14979  }
 14980  
 14981  // We can't find an AWS account with the AccountId that you specified, or the
 14982  // account whose credentials you used to make this request isn't a member of
 14983  // an organization.
 14984  type AccountNotFoundException struct {
 14985  	_            struct{}                  `type:"structure"`
 14986  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 14987  
 14988  	Message_ *string `locationName:"Message" type:"string"`
 14989  }
 14990  
 14991  // String returns the string representation.
 14992  //
 14993  // API parameter values that are decorated as "sensitive" in the API will not
 14994  // be included in the string output. The member name will be present, but the
 14995  // value will be replaced with "sensitive".
 14996  func (s AccountNotFoundException) String() string {
 14997  	return awsutil.Prettify(s)
 14998  }
 14999  
 15000  // GoString returns the string representation.
 15001  //
 15002  // API parameter values that are decorated as "sensitive" in the API will not
 15003  // be included in the string output. The member name will be present, but the
 15004  // value will be replaced with "sensitive".
 15005  func (s AccountNotFoundException) GoString() string {
 15006  	return s.String()
 15007  }
 15008  
 15009  func newErrorAccountNotFoundException(v protocol.ResponseMetadata) error {
 15010  	return &AccountNotFoundException{
 15011  		RespMetadata: v,
 15012  	}
 15013  }
 15014  
 15015  // Code returns the exception type name.
 15016  func (s *AccountNotFoundException) Code() string {
 15017  	return "AccountNotFoundException"
 15018  }
 15019  
 15020  // Message returns the exception's message.
 15021  func (s *AccountNotFoundException) Message() string {
 15022  	if s.Message_ != nil {
 15023  		return *s.Message_
 15024  	}
 15025  	return ""
 15026  }
 15027  
 15028  // OrigErr always returns nil, satisfies awserr.Error interface.
 15029  func (s *AccountNotFoundException) OrigErr() error {
 15030  	return nil
 15031  }
 15032  
 15033  func (s *AccountNotFoundException) Error() string {
 15034  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 15035  }
 15036  
 15037  // Status code returns the HTTP status code for the request's response error.
 15038  func (s *AccountNotFoundException) StatusCode() int {
 15039  	return s.RespMetadata.StatusCode
 15040  }
 15041  
 15042  // RequestID returns the service's response RequestID for request.
 15043  func (s *AccountNotFoundException) RequestID() string {
 15044  	return s.RespMetadata.RequestID
 15045  }
 15046  
 15047  // The specified account is not a delegated administrator for this AWS service.
 15048  type AccountNotRegisteredException struct {
 15049  	_            struct{}                  `type:"structure"`
 15050  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 15051  
 15052  	Message_ *string `locationName:"Message" type:"string"`
 15053  }
 15054  
 15055  // String returns the string representation.
 15056  //
 15057  // API parameter values that are decorated as "sensitive" in the API will not
 15058  // be included in the string output. The member name will be present, but the
 15059  // value will be replaced with "sensitive".
 15060  func (s AccountNotRegisteredException) String() string {
 15061  	return awsutil.Prettify(s)
 15062  }
 15063  
 15064  // GoString returns the string representation.
 15065  //
 15066  // API parameter values that are decorated as "sensitive" in the API will not
 15067  // be included in the string output. The member name will be present, but the
 15068  // value will be replaced with "sensitive".
 15069  func (s AccountNotRegisteredException) GoString() string {
 15070  	return s.String()
 15071  }
 15072  
 15073  func newErrorAccountNotRegisteredException(v protocol.ResponseMetadata) error {
 15074  	return &AccountNotRegisteredException{
 15075  		RespMetadata: v,
 15076  	}
 15077  }
 15078  
 15079  // Code returns the exception type name.
 15080  func (s *AccountNotRegisteredException) Code() string {
 15081  	return "AccountNotRegisteredException"
 15082  }
 15083  
 15084  // Message returns the exception's message.
 15085  func (s *AccountNotRegisteredException) Message() string {
 15086  	if s.Message_ != nil {
 15087  		return *s.Message_
 15088  	}
 15089  	return ""
 15090  }
 15091  
 15092  // OrigErr always returns nil, satisfies awserr.Error interface.
 15093  func (s *AccountNotRegisteredException) OrigErr() error {
 15094  	return nil
 15095  }
 15096  
 15097  func (s *AccountNotRegisteredException) Error() string {
 15098  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 15099  }
 15100  
 15101  // Status code returns the HTTP status code for the request's response error.
 15102  func (s *AccountNotRegisteredException) StatusCode() int {
 15103  	return s.RespMetadata.StatusCode
 15104  }
 15105  
 15106  // RequestID returns the service's response RequestID for request.
 15107  func (s *AccountNotRegisteredException) RequestID() string {
 15108  	return s.RespMetadata.RequestID
 15109  }
 15110  
 15111  // You can't invite an existing account to your organization until you verify
 15112  // that you own the email address associated with the management account. For
 15113  // more information, see Email Address Verification (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_create.html#about-email-verification)
 15114  // in the AWS Organizations User Guide.
 15115  type AccountOwnerNotVerifiedException struct {
 15116  	_            struct{}                  `type:"structure"`
 15117  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 15118  
 15119  	Message_ *string `locationName:"Message" type:"string"`
 15120  }
 15121  
 15122  // String returns the string representation.
 15123  //
 15124  // API parameter values that are decorated as "sensitive" in the API will not
 15125  // be included in the string output. The member name will be present, but the
 15126  // value will be replaced with "sensitive".
 15127  func (s AccountOwnerNotVerifiedException) String() string {
 15128  	return awsutil.Prettify(s)
 15129  }
 15130  
 15131  // GoString returns the string representation.
 15132  //
 15133  // API parameter values that are decorated as "sensitive" in the API will not
 15134  // be included in the string output. The member name will be present, but the
 15135  // value will be replaced with "sensitive".
 15136  func (s AccountOwnerNotVerifiedException) GoString() string {
 15137  	return s.String()
 15138  }
 15139  
 15140  func newErrorAccountOwnerNotVerifiedException(v protocol.ResponseMetadata) error {
 15141  	return &AccountOwnerNotVerifiedException{
 15142  		RespMetadata: v,
 15143  	}
 15144  }
 15145  
 15146  // Code returns the exception type name.
 15147  func (s *AccountOwnerNotVerifiedException) Code() string {
 15148  	return "AccountOwnerNotVerifiedException"
 15149  }
 15150  
 15151  // Message returns the exception's message.
 15152  func (s *AccountOwnerNotVerifiedException) Message() string {
 15153  	if s.Message_ != nil {
 15154  		return *s.Message_
 15155  	}
 15156  	return ""
 15157  }
 15158  
 15159  // OrigErr always returns nil, satisfies awserr.Error interface.
 15160  func (s *AccountOwnerNotVerifiedException) OrigErr() error {
 15161  	return nil
 15162  }
 15163  
 15164  func (s *AccountOwnerNotVerifiedException) Error() string {
 15165  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 15166  }
 15167  
 15168  // Status code returns the HTTP status code for the request's response error.
 15169  func (s *AccountOwnerNotVerifiedException) StatusCode() int {
 15170  	return s.RespMetadata.StatusCode
 15171  }
 15172  
 15173  // RequestID returns the service's response RequestID for request.
 15174  func (s *AccountOwnerNotVerifiedException) RequestID() string {
 15175  	return s.RespMetadata.RequestID
 15176  }
 15177  
 15178  // This account is already a member of an organization. An account can belong
 15179  // to only one organization at a time.
 15180  type AlreadyInOrganizationException struct {
 15181  	_            struct{}                  `type:"structure"`
 15182  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 15183  
 15184  	Message_ *string `locationName:"Message" type:"string"`
 15185  }
 15186  
 15187  // String returns the string representation.
 15188  //
 15189  // API parameter values that are decorated as "sensitive" in the API will not
 15190  // be included in the string output. The member name will be present, but the
 15191  // value will be replaced with "sensitive".
 15192  func (s AlreadyInOrganizationException) String() string {
 15193  	return awsutil.Prettify(s)
 15194  }
 15195  
 15196  // GoString returns the string representation.
 15197  //
 15198  // API parameter values that are decorated as "sensitive" in the API will not
 15199  // be included in the string output. The member name will be present, but the
 15200  // value will be replaced with "sensitive".
 15201  func (s AlreadyInOrganizationException) GoString() string {
 15202  	return s.String()
 15203  }
 15204  
 15205  func newErrorAlreadyInOrganizationException(v protocol.ResponseMetadata) error {
 15206  	return &AlreadyInOrganizationException{
 15207  		RespMetadata: v,
 15208  	}
 15209  }
 15210  
 15211  // Code returns the exception type name.
 15212  func (s *AlreadyInOrganizationException) Code() string {
 15213  	return "AlreadyInOrganizationException"
 15214  }
 15215  
 15216  // Message returns the exception's message.
 15217  func (s *AlreadyInOrganizationException) Message() string {
 15218  	if s.Message_ != nil {
 15219  		return *s.Message_
 15220  	}
 15221  	return ""
 15222  }
 15223  
 15224  // OrigErr always returns nil, satisfies awserr.Error interface.
 15225  func (s *AlreadyInOrganizationException) OrigErr() error {
 15226  	return nil
 15227  }
 15228  
 15229  func (s *AlreadyInOrganizationException) Error() string {
 15230  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 15231  }
 15232  
 15233  // Status code returns the HTTP status code for the request's response error.
 15234  func (s *AlreadyInOrganizationException) StatusCode() int {
 15235  	return s.RespMetadata.StatusCode
 15236  }
 15237  
 15238  // RequestID returns the service's response RequestID for request.
 15239  func (s *AlreadyInOrganizationException) RequestID() string {
 15240  	return s.RespMetadata.RequestID
 15241  }
 15242  
 15243  type AttachPolicyInput struct {
 15244  	_ struct{} `type:"structure"`
 15245  
 15246  	// The unique identifier (ID) of the policy that you want to attach to the target.
 15247  	// You can get the ID for the policy by calling the ListPolicies operation.
 15248  	//
 15249  	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
 15250  	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
 15251  	// or the underscore character (_).
 15252  	//
 15253  	// PolicyId is a required field
 15254  	PolicyId *string `type:"string" required:"true"`
 15255  
 15256  	// The unique identifier (ID) of the root, OU, or account that you want to attach
 15257  	// the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent,
 15258  	// or ListAccounts operations.
 15259  	//
 15260  	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
 15261  	// requires one of the following:
 15262  	//
 15263  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 15264  	//    letters or digits.
 15265  	//
 15266  	//    * Account - A string that consists of exactly 12 digits.
 15267  	//
 15268  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 15269  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 15270  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 15271  	//    32 additional lowercase letters or digits.
 15272  	//
 15273  	// TargetId is a required field
 15274  	TargetId *string `type:"string" required:"true"`
 15275  }
 15276  
 15277  // String returns the string representation.
 15278  //
 15279  // API parameter values that are decorated as "sensitive" in the API will not
 15280  // be included in the string output. The member name will be present, but the
 15281  // value will be replaced with "sensitive".
 15282  func (s AttachPolicyInput) String() string {
 15283  	return awsutil.Prettify(s)
 15284  }
 15285  
 15286  // GoString returns the string representation.
 15287  //
 15288  // API parameter values that are decorated as "sensitive" in the API will not
 15289  // be included in the string output. The member name will be present, but the
 15290  // value will be replaced with "sensitive".
 15291  func (s AttachPolicyInput) GoString() string {
 15292  	return s.String()
 15293  }
 15294  
 15295  // Validate inspects the fields of the type to determine if they are valid.
 15296  func (s *AttachPolicyInput) Validate() error {
 15297  	invalidParams := request.ErrInvalidParams{Context: "AttachPolicyInput"}
 15298  	if s.PolicyId == nil {
 15299  		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
 15300  	}
 15301  	if s.TargetId == nil {
 15302  		invalidParams.Add(request.NewErrParamRequired("TargetId"))
 15303  	}
 15304  
 15305  	if invalidParams.Len() > 0 {
 15306  		return invalidParams
 15307  	}
 15308  	return nil
 15309  }
 15310  
 15311  // SetPolicyId sets the PolicyId field's value.
 15312  func (s *AttachPolicyInput) SetPolicyId(v string) *AttachPolicyInput {
 15313  	s.PolicyId = &v
 15314  	return s
 15315  }
 15316  
 15317  // SetTargetId sets the TargetId field's value.
 15318  func (s *AttachPolicyInput) SetTargetId(v string) *AttachPolicyInput {
 15319  	s.TargetId = &v
 15320  	return s
 15321  }
 15322  
 15323  type AttachPolicyOutput struct {
 15324  	_ struct{} `type:"structure"`
 15325  }
 15326  
 15327  // String returns the string representation.
 15328  //
 15329  // API parameter values that are decorated as "sensitive" in the API will not
 15330  // be included in the string output. The member name will be present, but the
 15331  // value will be replaced with "sensitive".
 15332  func (s AttachPolicyOutput) String() string {
 15333  	return awsutil.Prettify(s)
 15334  }
 15335  
 15336  // GoString returns the string representation.
 15337  //
 15338  // API parameter values that are decorated as "sensitive" in the API will not
 15339  // be included in the string output. The member name will be present, but the
 15340  // value will be replaced with "sensitive".
 15341  func (s AttachPolicyOutput) GoString() string {
 15342  	return s.String()
 15343  }
 15344  
 15345  type CancelHandshakeInput struct {
 15346  	_ struct{} `type:"structure"`
 15347  
 15348  	// The unique identifier (ID) of the handshake that you want to cancel. You
 15349  	// can get the ID from the ListHandshakesForOrganization operation.
 15350  	//
 15351  	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
 15352  	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
 15353  	//
 15354  	// HandshakeId is a required field
 15355  	HandshakeId *string `type:"string" required:"true"`
 15356  }
 15357  
 15358  // String returns the string representation.
 15359  //
 15360  // API parameter values that are decorated as "sensitive" in the API will not
 15361  // be included in the string output. The member name will be present, but the
 15362  // value will be replaced with "sensitive".
 15363  func (s CancelHandshakeInput) String() string {
 15364  	return awsutil.Prettify(s)
 15365  }
 15366  
 15367  // GoString returns the string representation.
 15368  //
 15369  // API parameter values that are decorated as "sensitive" in the API will not
 15370  // be included in the string output. The member name will be present, but the
 15371  // value will be replaced with "sensitive".
 15372  func (s CancelHandshakeInput) GoString() string {
 15373  	return s.String()
 15374  }
 15375  
 15376  // Validate inspects the fields of the type to determine if they are valid.
 15377  func (s *CancelHandshakeInput) Validate() error {
 15378  	invalidParams := request.ErrInvalidParams{Context: "CancelHandshakeInput"}
 15379  	if s.HandshakeId == nil {
 15380  		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
 15381  	}
 15382  
 15383  	if invalidParams.Len() > 0 {
 15384  		return invalidParams
 15385  	}
 15386  	return nil
 15387  }
 15388  
 15389  // SetHandshakeId sets the HandshakeId field's value.
 15390  func (s *CancelHandshakeInput) SetHandshakeId(v string) *CancelHandshakeInput {
 15391  	s.HandshakeId = &v
 15392  	return s
 15393  }
 15394  
 15395  type CancelHandshakeOutput struct {
 15396  	_ struct{} `type:"structure"`
 15397  
 15398  	// A structure that contains details about the handshake that you canceled.
 15399  	Handshake *Handshake `type:"structure"`
 15400  }
 15401  
 15402  // String returns the string representation.
 15403  //
 15404  // API parameter values that are decorated as "sensitive" in the API will not
 15405  // be included in the string output. The member name will be present, but the
 15406  // value will be replaced with "sensitive".
 15407  func (s CancelHandshakeOutput) String() string {
 15408  	return awsutil.Prettify(s)
 15409  }
 15410  
 15411  // GoString returns the string representation.
 15412  //
 15413  // API parameter values that are decorated as "sensitive" in the API will not
 15414  // be included in the string output. The member name will be present, but the
 15415  // value will be replaced with "sensitive".
 15416  func (s CancelHandshakeOutput) GoString() string {
 15417  	return s.String()
 15418  }
 15419  
 15420  // SetHandshake sets the Handshake field's value.
 15421  func (s *CancelHandshakeOutput) SetHandshake(v *Handshake) *CancelHandshakeOutput {
 15422  	s.Handshake = v
 15423  	return s
 15424  }
 15425  
 15426  // Contains a list of child entities, either OUs or accounts.
 15427  type Child struct {
 15428  	_ struct{} `type:"structure"`
 15429  
 15430  	// The unique identifier (ID) of this child entity.
 15431  	//
 15432  	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
 15433  	// requires one of the following:
 15434  	//
 15435  	//    * Account - A string that consists of exactly 12 digits.
 15436  	//
 15437  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 15438  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that contains
 15439  	//    the OU). This string is followed by a second "-" dash and from 8 to 32
 15440  	//    additional lowercase letters or digits.
 15441  	Id *string `type:"string"`
 15442  
 15443  	// The type of this child entity.
 15444  	Type *string `type:"string" enum:"ChildType"`
 15445  }
 15446  
 15447  // String returns the string representation.
 15448  //
 15449  // API parameter values that are decorated as "sensitive" in the API will not
 15450  // be included in the string output. The member name will be present, but the
 15451  // value will be replaced with "sensitive".
 15452  func (s Child) String() string {
 15453  	return awsutil.Prettify(s)
 15454  }
 15455  
 15456  // GoString returns the string representation.
 15457  //
 15458  // API parameter values that are decorated as "sensitive" in the API will not
 15459  // be included in the string output. The member name will be present, but the
 15460  // value will be replaced with "sensitive".
 15461  func (s Child) GoString() string {
 15462  	return s.String()
 15463  }
 15464  
 15465  // SetId sets the Id field's value.
 15466  func (s *Child) SetId(v string) *Child {
 15467  	s.Id = &v
 15468  	return s
 15469  }
 15470  
 15471  // SetType sets the Type field's value.
 15472  func (s *Child) SetType(v string) *Child {
 15473  	s.Type = &v
 15474  	return s
 15475  }
 15476  
 15477  // We can't find an organizational unit (OU) or AWS account with the ChildId
 15478  // that you specified.
 15479  type ChildNotFoundException struct {
 15480  	_            struct{}                  `type:"structure"`
 15481  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 15482  
 15483  	Message_ *string `locationName:"Message" type:"string"`
 15484  }
 15485  
 15486  // String returns the string representation.
 15487  //
 15488  // API parameter values that are decorated as "sensitive" in the API will not
 15489  // be included in the string output. The member name will be present, but the
 15490  // value will be replaced with "sensitive".
 15491  func (s ChildNotFoundException) String() string {
 15492  	return awsutil.Prettify(s)
 15493  }
 15494  
 15495  // GoString returns the string representation.
 15496  //
 15497  // API parameter values that are decorated as "sensitive" in the API will not
 15498  // be included in the string output. The member name will be present, but the
 15499  // value will be replaced with "sensitive".
 15500  func (s ChildNotFoundException) GoString() string {
 15501  	return s.String()
 15502  }
 15503  
 15504  func newErrorChildNotFoundException(v protocol.ResponseMetadata) error {
 15505  	return &ChildNotFoundException{
 15506  		RespMetadata: v,
 15507  	}
 15508  }
 15509  
 15510  // Code returns the exception type name.
 15511  func (s *ChildNotFoundException) Code() string {
 15512  	return "ChildNotFoundException"
 15513  }
 15514  
 15515  // Message returns the exception's message.
 15516  func (s *ChildNotFoundException) Message() string {
 15517  	if s.Message_ != nil {
 15518  		return *s.Message_
 15519  	}
 15520  	return ""
 15521  }
 15522  
 15523  // OrigErr always returns nil, satisfies awserr.Error interface.
 15524  func (s *ChildNotFoundException) OrigErr() error {
 15525  	return nil
 15526  }
 15527  
 15528  func (s *ChildNotFoundException) Error() string {
 15529  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 15530  }
 15531  
 15532  // Status code returns the HTTP status code for the request's response error.
 15533  func (s *ChildNotFoundException) StatusCode() int {
 15534  	return s.RespMetadata.StatusCode
 15535  }
 15536  
 15537  // RequestID returns the service's response RequestID for request.
 15538  func (s *ChildNotFoundException) RequestID() string {
 15539  	return s.RespMetadata.RequestID
 15540  }
 15541  
 15542  // The target of the operation is currently being modified by a different request.
 15543  // Try again later.
 15544  type ConcurrentModificationException struct {
 15545  	_            struct{}                  `type:"structure"`
 15546  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 15547  
 15548  	Message_ *string `locationName:"Message" type:"string"`
 15549  }
 15550  
 15551  // String returns the string representation.
 15552  //
 15553  // API parameter values that are decorated as "sensitive" in the API will not
 15554  // be included in the string output. The member name will be present, but the
 15555  // value will be replaced with "sensitive".
 15556  func (s ConcurrentModificationException) String() string {
 15557  	return awsutil.Prettify(s)
 15558  }
 15559  
 15560  // GoString returns the string representation.
 15561  //
 15562  // API parameter values that are decorated as "sensitive" in the API will not
 15563  // be included in the string output. The member name will be present, but the
 15564  // value will be replaced with "sensitive".
 15565  func (s ConcurrentModificationException) GoString() string {
 15566  	return s.String()
 15567  }
 15568  
 15569  func newErrorConcurrentModificationException(v protocol.ResponseMetadata) error {
 15570  	return &ConcurrentModificationException{
 15571  		RespMetadata: v,
 15572  	}
 15573  }
 15574  
 15575  // Code returns the exception type name.
 15576  func (s *ConcurrentModificationException) Code() string {
 15577  	return "ConcurrentModificationException"
 15578  }
 15579  
 15580  // Message returns the exception's message.
 15581  func (s *ConcurrentModificationException) Message() string {
 15582  	if s.Message_ != nil {
 15583  		return *s.Message_
 15584  	}
 15585  	return ""
 15586  }
 15587  
 15588  // OrigErr always returns nil, satisfies awserr.Error interface.
 15589  func (s *ConcurrentModificationException) OrigErr() error {
 15590  	return nil
 15591  }
 15592  
 15593  func (s *ConcurrentModificationException) Error() string {
 15594  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 15595  }
 15596  
 15597  // Status code returns the HTTP status code for the request's response error.
 15598  func (s *ConcurrentModificationException) StatusCode() int {
 15599  	return s.RespMetadata.StatusCode
 15600  }
 15601  
 15602  // RequestID returns the service's response RequestID for request.
 15603  func (s *ConcurrentModificationException) RequestID() string {
 15604  	return s.RespMetadata.RequestID
 15605  }
 15606  
 15607  // Performing this operation violates a minimum or maximum value limit. For
 15608  // example, attempting to remove the last service control policy (SCP) from
 15609  // an OU or root, inviting or creating too many accounts to the organization,
 15610  // or attaching too many policies to an account, OU, or root. This exception
 15611  // includes a reason that contains additional information about the violated
 15612  // limit:
 15613  //
 15614  // Some of the reasons in the following list might not be applicable to this
 15615  // specific API or operation.
 15616  //
 15617  //    * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management
 15618  //    account from the organization. You can't remove the management account.
 15619  //    Instead, after you remove all member accounts, delete the organization
 15620  //    itself.
 15621  //
 15622  //    * ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA: You attempted to remove an account
 15623  //    from the organization that doesn't yet have enough information to exist
 15624  //    as a standalone account. This account requires you to first agree to the
 15625  //    AWS Customer Agreement. Follow the steps at Removing a member account
 15626  //    from your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)in
 15627  //    the AWS Organizations User Guide.
 15628  //
 15629  //    * ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove
 15630  //    an account from the organization that doesn't yet have enough information
 15631  //    to exist as a standalone account. This account requires you to first complete
 15632  //    phone verification. Follow the steps at Removing a member account from
 15633  //    your organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#orgs_manage_accounts_remove-from-master)
 15634  //    in the AWS Organizations User Guide.
 15635  //
 15636  //    * ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number
 15637  //    of accounts that you can create in one day.
 15638  //
 15639  //    * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
 15640  //    the number of accounts in an organization. If you need more accounts,
 15641  //    contact AWS Support (https://console.aws.amazon.com/support/home#/) to
 15642  //    request an increase in your limit. Or the number of invitations that you
 15643  //    tried to send would cause you to exceed the limit of accounts in your
 15644  //    organization. Send fewer invitations or contact AWS Support to request
 15645  //    an increase in the number of accounts. Deleted and closed accounts still
 15646  //    count toward your limit. If you get this exception when running a command
 15647  //    immediately after creating the organization, wait one hour and try again.
 15648  //    After an hour, if the command continues to fail with this error, contact
 15649  //    AWS Support (https://console.aws.amazon.com/support/home#/).
 15650  //
 15651  //    * CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to
 15652  //    register the management account of the organization as a delegated administrator
 15653  //    for an AWS service integrated with Organizations. You can designate only
 15654  //    a member account as a delegated administrator.
 15655  //
 15656  //    * CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove
 15657  //    an account that is registered as a delegated administrator for a service
 15658  //    integrated with your organization. To complete this operation, you must
 15659  //    first deregister this account as a delegated administrator.
 15660  //
 15661  //    * CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an
 15662  //    organization in the specified region, you must enable all features mode.
 15663  //
 15664  //    * DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register
 15665  //    an AWS account as a delegated administrator for an AWS service that already
 15666  //    has a delegated administrator. To complete this operation, you must first
 15667  //    deregister any existing delegated administrators for this service.
 15668  //
 15669  //    * EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only
 15670  //    valid for a limited period of time. You must resubmit the request and
 15671  //    generate a new verfication code.
 15672  //
 15673  //    * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
 15674  //    handshakes that you can send in one day.
 15675  //
 15676  //    * MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account
 15677  //    in this organization, you first must migrate the organization's management
 15678  //    account to the marketplace that corresponds to the management account's
 15679  //    address. For example, accounts with India addresses must be associated
 15680  //    with the AISPL marketplace. All accounts in an organization must be associated
 15681  //    with the same marketplace.
 15682  //
 15683  //    * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions
 15684  //    in China. To create an organization, the master must have a valid business
 15685  //    license. For more information, contact customer support.
 15686  //
 15687  //    * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you
 15688  //    must first provide a valid contact address and phone number for the management
 15689  //    account. Then try the operation again.
 15690  //
 15691  //    * MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the
 15692  //    management account must have an associated account in the AWS GovCloud
 15693  //    (US-West) Region. For more information, see AWS Organizations (http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html)
 15694  //    in the AWS GovCloud User Guide.
 15695  //
 15696  //    * MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization
 15697  //    with this management account, you first must associate a valid payment
 15698  //    instrument, such as a credit card, with the account. Follow the steps
 15699  //    at To leave an organization when all required account information has
 15700  //    not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 15701  //    in the AWS Organizations User Guide.
 15702  //
 15703  //    * MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted
 15704  //    to register more delegated administrators than allowed for the service
 15705  //    principal.
 15706  //
 15707  //    * MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the
 15708  //    number of policies of a certain type that can be attached to an entity
 15709  //    at one time.
 15710  //
 15711  //    * MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed
 15712  //    on this resource.
 15713  //
 15714  //    * MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation
 15715  //    with this member account, you first must associate a valid payment instrument,
 15716  //    such as a credit card, with the account. Follow the steps at To leave
 15717  //    an organization when all required account information has not yet been
 15718  //    provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info)
 15719  //    in the AWS Organizations User Guide.
 15720  //
 15721  //    * MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a
 15722  //    policy from an entity that would cause the entity to have fewer than the
 15723  //    minimum number of policies of a certain type required.
 15724  //
 15725  //    * ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation
 15726  //    that requires the organization to be configured to support all features.
 15727  //    An organization that supports only consolidated billing features can't
 15728  //    perform this operation.
 15729  //
 15730  //    * OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is
 15731  //    too many levels deep.
 15732  //
 15733  //    * OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs
 15734  //    that you can have in an organization.
 15735  //
 15736  //    * POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that
 15737  //    is larger than the maximum size.
 15738  //
 15739  //    * POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of
 15740  //    policies that you can have in an organization.
 15741  //
 15742  //    * TAG_POLICY_VIOLATION: You attempted to create or update a resource with
 15743  //    tags that are not compliant with the tag policy requirements for this
 15744  //    account.
 15745  type ConstraintViolationException struct {
 15746  	_            struct{}                  `type:"structure"`
 15747  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 15748  
 15749  	Message_ *string `locationName:"Message" type:"string"`
 15750  
 15751  	Reason *string `type:"string" enum:"ConstraintViolationExceptionReason"`
 15752  }
 15753  
 15754  // String returns the string representation.
 15755  //
 15756  // API parameter values that are decorated as "sensitive" in the API will not
 15757  // be included in the string output. The member name will be present, but the
 15758  // value will be replaced with "sensitive".
 15759  func (s ConstraintViolationException) String() string {
 15760  	return awsutil.Prettify(s)
 15761  }
 15762  
 15763  // GoString returns the string representation.
 15764  //
 15765  // API parameter values that are decorated as "sensitive" in the API will not
 15766  // be included in the string output. The member name will be present, but the
 15767  // value will be replaced with "sensitive".
 15768  func (s ConstraintViolationException) GoString() string {
 15769  	return s.String()
 15770  }
 15771  
 15772  func newErrorConstraintViolationException(v protocol.ResponseMetadata) error {
 15773  	return &ConstraintViolationException{
 15774  		RespMetadata: v,
 15775  	}
 15776  }
 15777  
 15778  // Code returns the exception type name.
 15779  func (s *ConstraintViolationException) Code() string {
 15780  	return "ConstraintViolationException"
 15781  }
 15782  
 15783  // Message returns the exception's message.
 15784  func (s *ConstraintViolationException) Message() string {
 15785  	if s.Message_ != nil {
 15786  		return *s.Message_
 15787  	}
 15788  	return ""
 15789  }
 15790  
 15791  // OrigErr always returns nil, satisfies awserr.Error interface.
 15792  func (s *ConstraintViolationException) OrigErr() error {
 15793  	return nil
 15794  }
 15795  
 15796  func (s *ConstraintViolationException) Error() string {
 15797  	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
 15798  }
 15799  
 15800  // Status code returns the HTTP status code for the request's response error.
 15801  func (s *ConstraintViolationException) StatusCode() int {
 15802  	return s.RespMetadata.StatusCode
 15803  }
 15804  
 15805  // RequestID returns the service's response RequestID for request.
 15806  func (s *ConstraintViolationException) RequestID() string {
 15807  	return s.RespMetadata.RequestID
 15808  }
 15809  
 15810  type CreateAccountInput struct {
 15811  	_ struct{} `type:"structure"`
 15812  
 15813  	// The friendly name of the member account.
 15814  	//
 15815  	// AccountName is a sensitive parameter and its value will be
 15816  	// replaced with "sensitive" in string returned by CreateAccountInput's
 15817  	// String and GoString methods.
 15818  	//
 15819  	// AccountName is a required field
 15820  	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
 15821  
 15822  	// The email address of the owner to assign to the new member account. This
 15823  	// email address must not already be associated with another AWS account. You
 15824  	// must use a valid email address to complete account creation. You can't access
 15825  	// the root user of the account or remove an account that was created with an
 15826  	// invalid email address.
 15827  	//
 15828  	// Email is a sensitive parameter and its value will be
 15829  	// replaced with "sensitive" in string returned by CreateAccountInput's
 15830  	// String and GoString methods.
 15831  	//
 15832  	// Email is a required field
 15833  	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
 15834  
 15835  	// If set to ALLOW, the new account enables IAM users to access account billing
 15836  	// information if they have the required permissions. If set to DENY, only the
 15837  	// root user of the new account can access account billing information. For
 15838  	// more information, see Activating Access to the Billing and Cost Management
 15839  	// Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
 15840  	// in the AWS Billing and Cost Management User Guide.
 15841  	//
 15842  	// If you don't specify this parameter, the value defaults to ALLOW, and IAM
 15843  	// users and roles with the required permissions can access billing information
 15844  	// for the new account.
 15845  	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
 15846  
 15847  	// (Optional)
 15848  	//
 15849  	// The name of an IAM role that AWS Organizations automatically preconfigures
 15850  	// in the new member account. This role trusts the management account, allowing
 15851  	// users in the management account to assume the role, as permitted by the management
 15852  	// account administrator. The role has administrator permissions in the new
 15853  	// member account.
 15854  	//
 15855  	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
 15856  	//
 15857  	// For more information about how to use this role to access the member account,
 15858  	// see the following links:
 15859  	//
 15860  	//    * Accessing and Administering the Member Accounts in Your Organization
 15861  	//    (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
 15862  	//    in the AWS Organizations User Guide
 15863  	//
 15864  	//    * Steps 2 and 3 in Tutorial: Delegate Access Across AWS Accounts Using
 15865  	//    IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
 15866  	//    in the IAM User Guide
 15867  	//
 15868  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 15869  	// this parameter. The pattern can include uppercase letters, lowercase letters,
 15870  	// digits with no spaces, and any of the following characters: =,.@-
 15871  	RoleName *string `type:"string"`
 15872  
 15873  	// A list of tags that you want to attach to the newly created account. For
 15874  	// each tag in the list, you must specify both a tag key and a value. You can
 15875  	// set the value to an empty string, but you can't set it to null. For more
 15876  	// information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
 15877  	// in the AWS Organizations User Guide.
 15878  	//
 15879  	// If any one of the tags is invalid or if you exceed the allowed number of
 15880  	// tags for an account, then the entire request fails and the account is not
 15881  	// created.
 15882  	Tags []*Tag `type:"list"`
 15883  }
 15884  
 15885  // String returns the string representation.
 15886  //
 15887  // API parameter values that are decorated as "sensitive" in the API will not
 15888  // be included in the string output. The member name will be present, but the
 15889  // value will be replaced with "sensitive".
 15890  func (s CreateAccountInput) String() string {
 15891  	return awsutil.Prettify(s)
 15892  }
 15893  
 15894  // GoString returns the string representation.
 15895  //
 15896  // API parameter values that are decorated as "sensitive" in the API will not
 15897  // be included in the string output. The member name will be present, but the
 15898  // value will be replaced with "sensitive".
 15899  func (s CreateAccountInput) GoString() string {
 15900  	return s.String()
 15901  }
 15902  
 15903  // Validate inspects the fields of the type to determine if they are valid.
 15904  func (s *CreateAccountInput) Validate() error {
 15905  	invalidParams := request.ErrInvalidParams{Context: "CreateAccountInput"}
 15906  	if s.AccountName == nil {
 15907  		invalidParams.Add(request.NewErrParamRequired("AccountName"))
 15908  	}
 15909  	if s.AccountName != nil && len(*s.AccountName) < 1 {
 15910  		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
 15911  	}
 15912  	if s.Email == nil {
 15913  		invalidParams.Add(request.NewErrParamRequired("Email"))
 15914  	}
 15915  	if s.Email != nil && len(*s.Email) < 6 {
 15916  		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
 15917  	}
 15918  	if s.Tags != nil {
 15919  		for i, v := range s.Tags {
 15920  			if v == nil {
 15921  				continue
 15922  			}
 15923  			if err := v.Validate(); err != nil {
 15924  				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
 15925  			}
 15926  		}
 15927  	}
 15928  
 15929  	if invalidParams.Len() > 0 {
 15930  		return invalidParams
 15931  	}
 15932  	return nil
 15933  }
 15934  
 15935  // SetAccountName sets the AccountName field's value.
 15936  func (s *CreateAccountInput) SetAccountName(v string) *CreateAccountInput {
 15937  	s.AccountName = &v
 15938  	return s
 15939  }
 15940  
 15941  // SetEmail sets the Email field's value.
 15942  func (s *CreateAccountInput) SetEmail(v string) *CreateAccountInput {
 15943  	s.Email = &v
 15944  	return s
 15945  }
 15946  
 15947  // SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
 15948  func (s *CreateAccountInput) SetIamUserAccessToBilling(v string) *CreateAccountInput {
 15949  	s.IamUserAccessToBilling = &v
 15950  	return s
 15951  }
 15952  
 15953  // SetRoleName sets the RoleName field's value.
 15954  func (s *CreateAccountInput) SetRoleName(v string) *CreateAccountInput {
 15955  	s.RoleName = &v
 15956  	return s
 15957  }
 15958  
 15959  // SetTags sets the Tags field's value.
 15960  func (s *CreateAccountInput) SetTags(v []*Tag) *CreateAccountInput {
 15961  	s.Tags = v
 15962  	return s
 15963  }
 15964  
 15965  type CreateAccountOutput struct {
 15966  	_ struct{} `type:"structure"`
 15967  
 15968  	// A structure that contains details about the request to create an account.
 15969  	// This response structure might not be fully populated when you first receive
 15970  	// it because account creation is an asynchronous process. You can pass the
 15971  	// returned CreateAccountStatus ID as a parameter to DescribeCreateAccountStatus
 15972  	// to get status about the progress of the request at later times. You can also
 15973  	// check the AWS CloudTrail log for the CreateAccountResult event. For more
 15974  	// information, see Monitoring the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html)
 15975  	// in the AWS Organizations User Guide.
 15976  	CreateAccountStatus *CreateAccountStatus `type:"structure"`
 15977  }
 15978  
 15979  // String returns the string representation.
 15980  //
 15981  // API parameter values that are decorated as "sensitive" in the API will not
 15982  // be included in the string output. The member name will be present, but the
 15983  // value will be replaced with "sensitive".
 15984  func (s CreateAccountOutput) String() string {
 15985  	return awsutil.Prettify(s)
 15986  }
 15987  
 15988  // GoString returns the string representation.
 15989  //
 15990  // API parameter values that are decorated as "sensitive" in the API will not
 15991  // be included in the string output. The member name will be present, but the
 15992  // value will be replaced with "sensitive".
 15993  func (s CreateAccountOutput) GoString() string {
 15994  	return s.String()
 15995  }
 15996  
 15997  // SetCreateAccountStatus sets the CreateAccountStatus field's value.
 15998  func (s *CreateAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateAccountOutput {
 15999  	s.CreateAccountStatus = v
 16000  	return s
 16001  }
 16002  
 16003  // Contains the status about a CreateAccount or CreateGovCloudAccount request
 16004  // to create an AWS account or an AWS GovCloud (US) account in an organization.
 16005  type CreateAccountStatus struct {
 16006  	_ struct{} `type:"structure"`
 16007  
 16008  	// If the account was created successfully, the unique identifier (ID) of the
 16009  	// new account.
 16010  	//
 16011  	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
 16012  	// requires exactly 12 digits.
 16013  	AccountId *string `type:"string"`
 16014  
 16015  	// The account name given to the account when it was created.
 16016  	//
 16017  	// AccountName is a sensitive parameter and its value will be
 16018  	// replaced with "sensitive" in string returned by CreateAccountStatus's
 16019  	// String and GoString methods.
 16020  	AccountName *string `min:"1" type:"string" sensitive:"true"`
 16021  
 16022  	// The date and time that the account was created and the request completed.
 16023  	CompletedTimestamp *time.Time `type:"timestamp"`
 16024  
 16025  	// If the request failed, a description of the reason for the failure.
 16026  	//
 16027  	//    * ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you
 16028  	//    reached the limit on the number of accounts in your organization.
 16029  	//
 16030  	//    * CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with
 16031  	//    the same information.
 16032  	//
 16033  	//    * EMAIL_ALREADY_EXISTS: The account could not be created because another
 16034  	//    AWS account with that email address already exists.
 16035  	//
 16036  	//    * FAILED_BUSINESS_VALIDATION: The AWS account that owns your organization
 16037  	//    failed to receive business license validation.
 16038  	//
 16039  	//    * GOVCLOUD_ACCOUNT_ALREADY_EXISTS: The account in the AWS GovCloud (US)
 16040  	//    Region could not be created because this Region already includes an account
 16041  	//    with that email address.
 16042  	//
 16043  	//    * IDENTITY_INVALID_BUSINESS_VALIDATION: The AWS account that owns your
 16044  	//    organization can't complete business license validation because it doesn't
 16045  	//    have valid identity data.
 16046  	//
 16047  	//    * INVALID_ADDRESS: The account could not be created because the address
 16048  	//    you provided is not valid.
 16049  	//
 16050  	//    * INVALID_EMAIL: The account could not be created because the email address
 16051  	//    you provided is not valid.
 16052  	//
 16053  	//    * INTERNAL_FAILURE: The account could not be created because of an internal
 16054  	//    failure. Try again later. If the problem persists, contact AWS Customer
 16055  	//    Support.
 16056  	//
 16057  	//    * MISSING_BUSINESS_VALIDATION: The AWS account that owns your organization
 16058  	//    has not received Business Validation.
 16059  	//
 16060  	//    * MISSING_PAYMENT_INSTRUMENT: You must configure the management account
 16061  	//    with a valid payment method, such as a credit card.
 16062  	//
 16063  	//    * PENDING_BUSINESS_VALIDATION: The AWS account that owns your organization
 16064  	//    is still in the process of completing business license validation.
 16065  	//
 16066  	//    * UNKNOWN_BUSINESS_VALIDATION: The AWS account that owns your organization
 16067  	//    has an unknown issue with business license validation.
 16068  	FailureReason *string `type:"string" enum:"CreateAccountFailureReason"`
 16069  
 16070  	// If the account was created successfully, the unique identifier (ID) of the
 16071  	// new account in the AWS GovCloud (US) Region.
 16072  	GovCloudAccountId *string `type:"string"`
 16073  
 16074  	// The unique identifier (ID) that references this request. You get this value
 16075  	// from the response of the initial CreateAccount request to create the account.
 16076  	//
 16077  	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
 16078  	// request ID string requires "car-" followed by from 8 to 32 lowercase letters
 16079  	// or digits.
 16080  	Id *string `type:"string"`
 16081  
 16082  	// The date and time that the request was made for the account creation.
 16083  	RequestedTimestamp *time.Time `type:"timestamp"`
 16084  
 16085  	// The status of the asynchronous request to create an AWS account.
 16086  	State *string `type:"string" enum:"CreateAccountState"`
 16087  }
 16088  
 16089  // String returns the string representation.
 16090  //
 16091  // API parameter values that are decorated as "sensitive" in the API will not
 16092  // be included in the string output. The member name will be present, but the
 16093  // value will be replaced with "sensitive".
 16094  func (s CreateAccountStatus) String() string {
 16095  	return awsutil.Prettify(s)
 16096  }
 16097  
 16098  // GoString returns the string representation.
 16099  //
 16100  // API parameter values that are decorated as "sensitive" in the API will not
 16101  // be included in the string output. The member name will be present, but the
 16102  // value will be replaced with "sensitive".
 16103  func (s CreateAccountStatus) GoString() string {
 16104  	return s.String()
 16105  }
 16106  
 16107  // SetAccountId sets the AccountId field's value.
 16108  func (s *CreateAccountStatus) SetAccountId(v string) *CreateAccountStatus {
 16109  	s.AccountId = &v
 16110  	return s
 16111  }
 16112  
 16113  // SetAccountName sets the AccountName field's value.
 16114  func (s *CreateAccountStatus) SetAccountName(v string) *CreateAccountStatus {
 16115  	s.AccountName = &v
 16116  	return s
 16117  }
 16118  
 16119  // SetCompletedTimestamp sets the CompletedTimestamp field's value.
 16120  func (s *CreateAccountStatus) SetCompletedTimestamp(v time.Time) *CreateAccountStatus {
 16121  	s.CompletedTimestamp = &v
 16122  	return s
 16123  }
 16124  
 16125  // SetFailureReason sets the FailureReason field's value.
 16126  func (s *CreateAccountStatus) SetFailureReason(v string) *CreateAccountStatus {
 16127  	s.FailureReason = &v
 16128  	return s
 16129  }
 16130  
 16131  // SetGovCloudAccountId sets the GovCloudAccountId field's value.
 16132  func (s *CreateAccountStatus) SetGovCloudAccountId(v string) *CreateAccountStatus {
 16133  	s.GovCloudAccountId = &v
 16134  	return s
 16135  }
 16136  
 16137  // SetId sets the Id field's value.
 16138  func (s *CreateAccountStatus) SetId(v string) *CreateAccountStatus {
 16139  	s.Id = &v
 16140  	return s
 16141  }
 16142  
 16143  // SetRequestedTimestamp sets the RequestedTimestamp field's value.
 16144  func (s *CreateAccountStatus) SetRequestedTimestamp(v time.Time) *CreateAccountStatus {
 16145  	s.RequestedTimestamp = &v
 16146  	return s
 16147  }
 16148  
 16149  // SetState sets the State field's value.
 16150  func (s *CreateAccountStatus) SetState(v string) *CreateAccountStatus {
 16151  	s.State = &v
 16152  	return s
 16153  }
 16154  
 16155  // We can't find an create account request with the CreateAccountRequestId that
 16156  // you specified.
 16157  type CreateAccountStatusNotFoundException struct {
 16158  	_            struct{}                  `type:"structure"`
 16159  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 16160  
 16161  	Message_ *string `locationName:"Message" type:"string"`
 16162  }
 16163  
 16164  // String returns the string representation.
 16165  //
 16166  // API parameter values that are decorated as "sensitive" in the API will not
 16167  // be included in the string output. The member name will be present, but the
 16168  // value will be replaced with "sensitive".
 16169  func (s CreateAccountStatusNotFoundException) String() string {
 16170  	return awsutil.Prettify(s)
 16171  }
 16172  
 16173  // GoString returns the string representation.
 16174  //
 16175  // API parameter values that are decorated as "sensitive" in the API will not
 16176  // be included in the string output. The member name will be present, but the
 16177  // value will be replaced with "sensitive".
 16178  func (s CreateAccountStatusNotFoundException) GoString() string {
 16179  	return s.String()
 16180  }
 16181  
 16182  func newErrorCreateAccountStatusNotFoundException(v protocol.ResponseMetadata) error {
 16183  	return &CreateAccountStatusNotFoundException{
 16184  		RespMetadata: v,
 16185  	}
 16186  }
 16187  
 16188  // Code returns the exception type name.
 16189  func (s *CreateAccountStatusNotFoundException) Code() string {
 16190  	return "CreateAccountStatusNotFoundException"
 16191  }
 16192  
 16193  // Message returns the exception's message.
 16194  func (s *CreateAccountStatusNotFoundException) Message() string {
 16195  	if s.Message_ != nil {
 16196  		return *s.Message_
 16197  	}
 16198  	return ""
 16199  }
 16200  
 16201  // OrigErr always returns nil, satisfies awserr.Error interface.
 16202  func (s *CreateAccountStatusNotFoundException) OrigErr() error {
 16203  	return nil
 16204  }
 16205  
 16206  func (s *CreateAccountStatusNotFoundException) Error() string {
 16207  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 16208  }
 16209  
 16210  // Status code returns the HTTP status code for the request's response error.
 16211  func (s *CreateAccountStatusNotFoundException) StatusCode() int {
 16212  	return s.RespMetadata.StatusCode
 16213  }
 16214  
 16215  // RequestID returns the service's response RequestID for request.
 16216  func (s *CreateAccountStatusNotFoundException) RequestID() string {
 16217  	return s.RespMetadata.RequestID
 16218  }
 16219  
 16220  type CreateGovCloudAccountInput struct {
 16221  	_ struct{} `type:"structure"`
 16222  
 16223  	// The friendly name of the member account.
 16224  	//
 16225  	// AccountName is a sensitive parameter and its value will be
 16226  	// replaced with "sensitive" in string returned by CreateGovCloudAccountInput's
 16227  	// String and GoString methods.
 16228  	//
 16229  	// AccountName is a required field
 16230  	AccountName *string `min:"1" type:"string" required:"true" sensitive:"true"`
 16231  
 16232  	// The email address of the owner to assign to the new member account in the
 16233  	// commercial Region. This email address must not already be associated with
 16234  	// another AWS account. You must use a valid email address to complete account
 16235  	// creation. You can't access the root user of the account or remove an account
 16236  	// that was created with an invalid email address. Like all request parameters
 16237  	// for CreateGovCloudAccount, the request for the email address for the AWS
 16238  	// GovCloud (US) account originates from the commercial Region, not from the
 16239  	// AWS GovCloud (US) Region.
 16240  	//
 16241  	// Email is a sensitive parameter and its value will be
 16242  	// replaced with "sensitive" in string returned by CreateGovCloudAccountInput's
 16243  	// String and GoString methods.
 16244  	//
 16245  	// Email is a required field
 16246  	Email *string `min:"6" type:"string" required:"true" sensitive:"true"`
 16247  
 16248  	// If set to ALLOW, the new linked account in the commercial Region enables
 16249  	// IAM users to access account billing information if they have the required
 16250  	// permissions. If set to DENY, only the root user of the new account can access
 16251  	// account billing information. For more information, see Activating Access
 16252  	// to the Billing and Cost Management Console (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate)
 16253  	// in the AWS Billing and Cost Management User Guide.
 16254  	//
 16255  	// If you don't specify this parameter, the value defaults to ALLOW, and IAM
 16256  	// users and roles with the required permissions can access billing information
 16257  	// for the new account.
 16258  	IamUserAccessToBilling *string `type:"string" enum:"IAMUserAccessToBilling"`
 16259  
 16260  	// (Optional)
 16261  	//
 16262  	// The name of an IAM role that AWS Organizations automatically preconfigures
 16263  	// in the new member accounts in both the AWS GovCloud (US) Region and in the
 16264  	// commercial Region. This role trusts the management account, allowing users
 16265  	// in the management account to assume the role, as permitted by the management
 16266  	// account administrator. The role has administrator permissions in the new
 16267  	// member account.
 16268  	//
 16269  	// If you don't specify this parameter, the role name defaults to OrganizationAccountAccessRole.
 16270  	//
 16271  	// For more information about how to use this role to access the member account,
 16272  	// see Accessing and Administering the Member Accounts in Your Organization
 16273  	// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role)
 16274  	// in the AWS Organizations User Guide and steps 2 and 3 in Tutorial: Delegate
 16275  	// Access Across AWS Accounts Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html)
 16276  	// in the IAM User Guide.
 16277  	//
 16278  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 16279  	// this parameter. The pattern can include uppercase letters, lowercase letters,
 16280  	// digits with no spaces, and any of the following characters: =,.@-
 16281  	RoleName *string `type:"string"`
 16282  
 16283  	// A list of tags that you want to attach to the newly created account. These
 16284  	// tags are attached to the commercial account associated with the GovCloud
 16285  	// account, and not to the GovCloud account itself. To add tags to the actual
 16286  	// GovCloud account, call the TagResource operation in the GovCloud region after
 16287  	// the new GovCloud account exists.
 16288  	//
 16289  	// For each tag in the list, you must specify both a tag key and a value. You
 16290  	// can set the value to an empty string, but you can't set it to null. For more
 16291  	// information about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
 16292  	// in the AWS Organizations User Guide.
 16293  	//
 16294  	// If any one of the tags is invalid or if you exceed the allowed number of
 16295  	// tags for an account, then the entire request fails and the account is not
 16296  	// created.
 16297  	Tags []*Tag `type:"list"`
 16298  }
 16299  
 16300  // String returns the string representation.
 16301  //
 16302  // API parameter values that are decorated as "sensitive" in the API will not
 16303  // be included in the string output. The member name will be present, but the
 16304  // value will be replaced with "sensitive".
 16305  func (s CreateGovCloudAccountInput) String() string {
 16306  	return awsutil.Prettify(s)
 16307  }
 16308  
 16309  // GoString returns the string representation.
 16310  //
 16311  // API parameter values that are decorated as "sensitive" in the API will not
 16312  // be included in the string output. The member name will be present, but the
 16313  // value will be replaced with "sensitive".
 16314  func (s CreateGovCloudAccountInput) GoString() string {
 16315  	return s.String()
 16316  }
 16317  
 16318  // Validate inspects the fields of the type to determine if they are valid.
 16319  func (s *CreateGovCloudAccountInput) Validate() error {
 16320  	invalidParams := request.ErrInvalidParams{Context: "CreateGovCloudAccountInput"}
 16321  	if s.AccountName == nil {
 16322  		invalidParams.Add(request.NewErrParamRequired("AccountName"))
 16323  	}
 16324  	if s.AccountName != nil && len(*s.AccountName) < 1 {
 16325  		invalidParams.Add(request.NewErrParamMinLen("AccountName", 1))
 16326  	}
 16327  	if s.Email == nil {
 16328  		invalidParams.Add(request.NewErrParamRequired("Email"))
 16329  	}
 16330  	if s.Email != nil && len(*s.Email) < 6 {
 16331  		invalidParams.Add(request.NewErrParamMinLen("Email", 6))
 16332  	}
 16333  	if s.Tags != nil {
 16334  		for i, v := range s.Tags {
 16335  			if v == nil {
 16336  				continue
 16337  			}
 16338  			if err := v.Validate(); err != nil {
 16339  				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
 16340  			}
 16341  		}
 16342  	}
 16343  
 16344  	if invalidParams.Len() > 0 {
 16345  		return invalidParams
 16346  	}
 16347  	return nil
 16348  }
 16349  
 16350  // SetAccountName sets the AccountName field's value.
 16351  func (s *CreateGovCloudAccountInput) SetAccountName(v string) *CreateGovCloudAccountInput {
 16352  	s.AccountName = &v
 16353  	return s
 16354  }
 16355  
 16356  // SetEmail sets the Email field's value.
 16357  func (s *CreateGovCloudAccountInput) SetEmail(v string) *CreateGovCloudAccountInput {
 16358  	s.Email = &v
 16359  	return s
 16360  }
 16361  
 16362  // SetIamUserAccessToBilling sets the IamUserAccessToBilling field's value.
 16363  func (s *CreateGovCloudAccountInput) SetIamUserAccessToBilling(v string) *CreateGovCloudAccountInput {
 16364  	s.IamUserAccessToBilling = &v
 16365  	return s
 16366  }
 16367  
 16368  // SetRoleName sets the RoleName field's value.
 16369  func (s *CreateGovCloudAccountInput) SetRoleName(v string) *CreateGovCloudAccountInput {
 16370  	s.RoleName = &v
 16371  	return s
 16372  }
 16373  
 16374  // SetTags sets the Tags field's value.
 16375  func (s *CreateGovCloudAccountInput) SetTags(v []*Tag) *CreateGovCloudAccountInput {
 16376  	s.Tags = v
 16377  	return s
 16378  }
 16379  
 16380  type CreateGovCloudAccountOutput struct {
 16381  	_ struct{} `type:"structure"`
 16382  
 16383  	// Contains the status about a CreateAccount or CreateGovCloudAccount request
 16384  	// to create an AWS account or an AWS GovCloud (US) account in an organization.
 16385  	CreateAccountStatus *CreateAccountStatus `type:"structure"`
 16386  }
 16387  
 16388  // String returns the string representation.
 16389  //
 16390  // API parameter values that are decorated as "sensitive" in the API will not
 16391  // be included in the string output. The member name will be present, but the
 16392  // value will be replaced with "sensitive".
 16393  func (s CreateGovCloudAccountOutput) String() string {
 16394  	return awsutil.Prettify(s)
 16395  }
 16396  
 16397  // GoString returns the string representation.
 16398  //
 16399  // API parameter values that are decorated as "sensitive" in the API will not
 16400  // be included in the string output. The member name will be present, but the
 16401  // value will be replaced with "sensitive".
 16402  func (s CreateGovCloudAccountOutput) GoString() string {
 16403  	return s.String()
 16404  }
 16405  
 16406  // SetCreateAccountStatus sets the CreateAccountStatus field's value.
 16407  func (s *CreateGovCloudAccountOutput) SetCreateAccountStatus(v *CreateAccountStatus) *CreateGovCloudAccountOutput {
 16408  	s.CreateAccountStatus = v
 16409  	return s
 16410  }
 16411  
 16412  type CreateOrganizationInput struct {
 16413  	_ struct{} `type:"structure"`
 16414  
 16415  	// Specifies the feature set supported by the new organization. Each feature
 16416  	// set supports different levels of functionality.
 16417  	//
 16418  	//    * CONSOLIDATED_BILLING: All member accounts have their bills consolidated
 16419  	//    to and paid by the management account. For more information, see Consolidated
 16420  	//    billing (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-cb-only)
 16421  	//    in the AWS Organizations User Guide. The consolidated billing feature
 16422  	//    subset isn't available for organizations in the AWS GovCloud (US) Region.
 16423  	//
 16424  	//    * ALL: In addition to all the features supported by the consolidated billing
 16425  	//    feature set, the management account can also apply any policy type to
 16426  	//    any member account in the organization. For more information, see All
 16427  	//    features (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set-all)
 16428  	//    in the AWS Organizations User Guide.
 16429  	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
 16430  }
 16431  
 16432  // String returns the string representation.
 16433  //
 16434  // API parameter values that are decorated as "sensitive" in the API will not
 16435  // be included in the string output. The member name will be present, but the
 16436  // value will be replaced with "sensitive".
 16437  func (s CreateOrganizationInput) String() string {
 16438  	return awsutil.Prettify(s)
 16439  }
 16440  
 16441  // GoString returns the string representation.
 16442  //
 16443  // API parameter values that are decorated as "sensitive" in the API will not
 16444  // be included in the string output. The member name will be present, but the
 16445  // value will be replaced with "sensitive".
 16446  func (s CreateOrganizationInput) GoString() string {
 16447  	return s.String()
 16448  }
 16449  
 16450  // SetFeatureSet sets the FeatureSet field's value.
 16451  func (s *CreateOrganizationInput) SetFeatureSet(v string) *CreateOrganizationInput {
 16452  	s.FeatureSet = &v
 16453  	return s
 16454  }
 16455  
 16456  type CreateOrganizationOutput struct {
 16457  	_ struct{} `type:"structure"`
 16458  
 16459  	// A structure that contains details about the newly created organization.
 16460  	Organization *Organization `type:"structure"`
 16461  }
 16462  
 16463  // String returns the string representation.
 16464  //
 16465  // API parameter values that are decorated as "sensitive" in the API will not
 16466  // be included in the string output. The member name will be present, but the
 16467  // value will be replaced with "sensitive".
 16468  func (s CreateOrganizationOutput) String() string {
 16469  	return awsutil.Prettify(s)
 16470  }
 16471  
 16472  // GoString returns the string representation.
 16473  //
 16474  // API parameter values that are decorated as "sensitive" in the API will not
 16475  // be included in the string output. The member name will be present, but the
 16476  // value will be replaced with "sensitive".
 16477  func (s CreateOrganizationOutput) GoString() string {
 16478  	return s.String()
 16479  }
 16480  
 16481  // SetOrganization sets the Organization field's value.
 16482  func (s *CreateOrganizationOutput) SetOrganization(v *Organization) *CreateOrganizationOutput {
 16483  	s.Organization = v
 16484  	return s
 16485  }
 16486  
 16487  type CreateOrganizationalUnitInput struct {
 16488  	_ struct{} `type:"structure"`
 16489  
 16490  	// The friendly name to assign to the new OU.
 16491  	//
 16492  	// Name is a required field
 16493  	Name *string `min:"1" type:"string" required:"true"`
 16494  
 16495  	// The unique identifier (ID) of the parent root or OU that you want to create
 16496  	// the new OU in.
 16497  	//
 16498  	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
 16499  	// requires one of the following:
 16500  	//
 16501  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 16502  	//    letters or digits.
 16503  	//
 16504  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 16505  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 16506  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 16507  	//    32 additional lowercase letters or digits.
 16508  	//
 16509  	// ParentId is a required field
 16510  	ParentId *string `type:"string" required:"true"`
 16511  
 16512  	// A list of tags that you want to attach to the newly created OU. For each
 16513  	// tag in the list, you must specify both a tag key and a value. You can set
 16514  	// the value to an empty string, but you can't set it to null. For more information
 16515  	// about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
 16516  	// in the AWS Organizations User Guide.
 16517  	//
 16518  	// If any one of the tags is invalid or if you exceed the allowed number of
 16519  	// tags for an OU, then the entire request fails and the OU is not created.
 16520  	Tags []*Tag `type:"list"`
 16521  }
 16522  
 16523  // String returns the string representation.
 16524  //
 16525  // API parameter values that are decorated as "sensitive" in the API will not
 16526  // be included in the string output. The member name will be present, but the
 16527  // value will be replaced with "sensitive".
 16528  func (s CreateOrganizationalUnitInput) String() string {
 16529  	return awsutil.Prettify(s)
 16530  }
 16531  
 16532  // GoString returns the string representation.
 16533  //
 16534  // API parameter values that are decorated as "sensitive" in the API will not
 16535  // be included in the string output. The member name will be present, but the
 16536  // value will be replaced with "sensitive".
 16537  func (s CreateOrganizationalUnitInput) GoString() string {
 16538  	return s.String()
 16539  }
 16540  
 16541  // Validate inspects the fields of the type to determine if they are valid.
 16542  func (s *CreateOrganizationalUnitInput) Validate() error {
 16543  	invalidParams := request.ErrInvalidParams{Context: "CreateOrganizationalUnitInput"}
 16544  	if s.Name == nil {
 16545  		invalidParams.Add(request.NewErrParamRequired("Name"))
 16546  	}
 16547  	if s.Name != nil && len(*s.Name) < 1 {
 16548  		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
 16549  	}
 16550  	if s.ParentId == nil {
 16551  		invalidParams.Add(request.NewErrParamRequired("ParentId"))
 16552  	}
 16553  	if s.Tags != nil {
 16554  		for i, v := range s.Tags {
 16555  			if v == nil {
 16556  				continue
 16557  			}
 16558  			if err := v.Validate(); err != nil {
 16559  				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
 16560  			}
 16561  		}
 16562  	}
 16563  
 16564  	if invalidParams.Len() > 0 {
 16565  		return invalidParams
 16566  	}
 16567  	return nil
 16568  }
 16569  
 16570  // SetName sets the Name field's value.
 16571  func (s *CreateOrganizationalUnitInput) SetName(v string) *CreateOrganizationalUnitInput {
 16572  	s.Name = &v
 16573  	return s
 16574  }
 16575  
 16576  // SetParentId sets the ParentId field's value.
 16577  func (s *CreateOrganizationalUnitInput) SetParentId(v string) *CreateOrganizationalUnitInput {
 16578  	s.ParentId = &v
 16579  	return s
 16580  }
 16581  
 16582  // SetTags sets the Tags field's value.
 16583  func (s *CreateOrganizationalUnitInput) SetTags(v []*Tag) *CreateOrganizationalUnitInput {
 16584  	s.Tags = v
 16585  	return s
 16586  }
 16587  
 16588  type CreateOrganizationalUnitOutput struct {
 16589  	_ struct{} `type:"structure"`
 16590  
 16591  	// A structure that contains details about the newly created OU.
 16592  	OrganizationalUnit *OrganizationalUnit `type:"structure"`
 16593  }
 16594  
 16595  // String returns the string representation.
 16596  //
 16597  // API parameter values that are decorated as "sensitive" in the API will not
 16598  // be included in the string output. The member name will be present, but the
 16599  // value will be replaced with "sensitive".
 16600  func (s CreateOrganizationalUnitOutput) String() string {
 16601  	return awsutil.Prettify(s)
 16602  }
 16603  
 16604  // GoString returns the string representation.
 16605  //
 16606  // API parameter values that are decorated as "sensitive" in the API will not
 16607  // be included in the string output. The member name will be present, but the
 16608  // value will be replaced with "sensitive".
 16609  func (s CreateOrganizationalUnitOutput) GoString() string {
 16610  	return s.String()
 16611  }
 16612  
 16613  // SetOrganizationalUnit sets the OrganizationalUnit field's value.
 16614  func (s *CreateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *CreateOrganizationalUnitOutput {
 16615  	s.OrganizationalUnit = v
 16616  	return s
 16617  }
 16618  
 16619  type CreatePolicyInput struct {
 16620  	_ struct{} `type:"structure"`
 16621  
 16622  	// The policy text content to add to the new policy. The text that you supply
 16623  	// must adhere to the rules of the policy type you specify in the Type parameter.
 16624  	//
 16625  	// Content is a required field
 16626  	Content *string `min:"1" type:"string" required:"true"`
 16627  
 16628  	// An optional description to assign to the policy.
 16629  	//
 16630  	// Description is a required field
 16631  	Description *string `type:"string" required:"true"`
 16632  
 16633  	// The friendly name to assign to the policy.
 16634  	//
 16635  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 16636  	// this parameter is a string of any of the characters in the ASCII character
 16637  	// range.
 16638  	//
 16639  	// Name is a required field
 16640  	Name *string `min:"1" type:"string" required:"true"`
 16641  
 16642  	// A list of tags that you want to attach to the newly created policy. For each
 16643  	// tag in the list, you must specify both a tag key and a value. You can set
 16644  	// the value to an empty string, but you can't set it to null. For more information
 16645  	// about tagging, see Tagging AWS Organizations resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
 16646  	// in the AWS Organizations User Guide.
 16647  	//
 16648  	// If any one of the tags is invalid or if you exceed the allowed number of
 16649  	// tags for a policy, then the entire request fails and the policy is not created.
 16650  	Tags []*Tag `type:"list"`
 16651  
 16652  	// The type of policy to create. You can specify one of the following values:
 16653  	//
 16654  	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
 16655  	//
 16656  	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
 16657  	//
 16658  	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
 16659  	//
 16660  	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
 16661  	//
 16662  	// Type is a required field
 16663  	Type *string `type:"string" required:"true" enum:"PolicyType"`
 16664  }
 16665  
 16666  // String returns the string representation.
 16667  //
 16668  // API parameter values that are decorated as "sensitive" in the API will not
 16669  // be included in the string output. The member name will be present, but the
 16670  // value will be replaced with "sensitive".
 16671  func (s CreatePolicyInput) String() string {
 16672  	return awsutil.Prettify(s)
 16673  }
 16674  
 16675  // GoString returns the string representation.
 16676  //
 16677  // API parameter values that are decorated as "sensitive" in the API will not
 16678  // be included in the string output. The member name will be present, but the
 16679  // value will be replaced with "sensitive".
 16680  func (s CreatePolicyInput) GoString() string {
 16681  	return s.String()
 16682  }
 16683  
 16684  // Validate inspects the fields of the type to determine if they are valid.
 16685  func (s *CreatePolicyInput) Validate() error {
 16686  	invalidParams := request.ErrInvalidParams{Context: "CreatePolicyInput"}
 16687  	if s.Content == nil {
 16688  		invalidParams.Add(request.NewErrParamRequired("Content"))
 16689  	}
 16690  	if s.Content != nil && len(*s.Content) < 1 {
 16691  		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
 16692  	}
 16693  	if s.Description == nil {
 16694  		invalidParams.Add(request.NewErrParamRequired("Description"))
 16695  	}
 16696  	if s.Name == nil {
 16697  		invalidParams.Add(request.NewErrParamRequired("Name"))
 16698  	}
 16699  	if s.Name != nil && len(*s.Name) < 1 {
 16700  		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
 16701  	}
 16702  	if s.Type == nil {
 16703  		invalidParams.Add(request.NewErrParamRequired("Type"))
 16704  	}
 16705  	if s.Tags != nil {
 16706  		for i, v := range s.Tags {
 16707  			if v == nil {
 16708  				continue
 16709  			}
 16710  			if err := v.Validate(); err != nil {
 16711  				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
 16712  			}
 16713  		}
 16714  	}
 16715  
 16716  	if invalidParams.Len() > 0 {
 16717  		return invalidParams
 16718  	}
 16719  	return nil
 16720  }
 16721  
 16722  // SetContent sets the Content field's value.
 16723  func (s *CreatePolicyInput) SetContent(v string) *CreatePolicyInput {
 16724  	s.Content = &v
 16725  	return s
 16726  }
 16727  
 16728  // SetDescription sets the Description field's value.
 16729  func (s *CreatePolicyInput) SetDescription(v string) *CreatePolicyInput {
 16730  	s.Description = &v
 16731  	return s
 16732  }
 16733  
 16734  // SetName sets the Name field's value.
 16735  func (s *CreatePolicyInput) SetName(v string) *CreatePolicyInput {
 16736  	s.Name = &v
 16737  	return s
 16738  }
 16739  
 16740  // SetTags sets the Tags field's value.
 16741  func (s *CreatePolicyInput) SetTags(v []*Tag) *CreatePolicyInput {
 16742  	s.Tags = v
 16743  	return s
 16744  }
 16745  
 16746  // SetType sets the Type field's value.
 16747  func (s *CreatePolicyInput) SetType(v string) *CreatePolicyInput {
 16748  	s.Type = &v
 16749  	return s
 16750  }
 16751  
 16752  type CreatePolicyOutput struct {
 16753  	_ struct{} `type:"structure"`
 16754  
 16755  	// A structure that contains details about the newly created policy.
 16756  	Policy *Policy `type:"structure"`
 16757  }
 16758  
 16759  // String returns the string representation.
 16760  //
 16761  // API parameter values that are decorated as "sensitive" in the API will not
 16762  // be included in the string output. The member name will be present, but the
 16763  // value will be replaced with "sensitive".
 16764  func (s CreatePolicyOutput) String() string {
 16765  	return awsutil.Prettify(s)
 16766  }
 16767  
 16768  // GoString returns the string representation.
 16769  //
 16770  // API parameter values that are decorated as "sensitive" in the API will not
 16771  // be included in the string output. The member name will be present, but the
 16772  // value will be replaced with "sensitive".
 16773  func (s CreatePolicyOutput) GoString() string {
 16774  	return s.String()
 16775  }
 16776  
 16777  // SetPolicy sets the Policy field's value.
 16778  func (s *CreatePolicyOutput) SetPolicy(v *Policy) *CreatePolicyOutput {
 16779  	s.Policy = v
 16780  	return s
 16781  }
 16782  
 16783  type DeclineHandshakeInput struct {
 16784  	_ struct{} `type:"structure"`
 16785  
 16786  	// The unique identifier (ID) of the handshake that you want to decline. You
 16787  	// can get the ID from the ListHandshakesForAccount operation.
 16788  	//
 16789  	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
 16790  	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
 16791  	//
 16792  	// HandshakeId is a required field
 16793  	HandshakeId *string `type:"string" required:"true"`
 16794  }
 16795  
 16796  // String returns the string representation.
 16797  //
 16798  // API parameter values that are decorated as "sensitive" in the API will not
 16799  // be included in the string output. The member name will be present, but the
 16800  // value will be replaced with "sensitive".
 16801  func (s DeclineHandshakeInput) String() string {
 16802  	return awsutil.Prettify(s)
 16803  }
 16804  
 16805  // GoString returns the string representation.
 16806  //
 16807  // API parameter values that are decorated as "sensitive" in the API will not
 16808  // be included in the string output. The member name will be present, but the
 16809  // value will be replaced with "sensitive".
 16810  func (s DeclineHandshakeInput) GoString() string {
 16811  	return s.String()
 16812  }
 16813  
 16814  // Validate inspects the fields of the type to determine if they are valid.
 16815  func (s *DeclineHandshakeInput) Validate() error {
 16816  	invalidParams := request.ErrInvalidParams{Context: "DeclineHandshakeInput"}
 16817  	if s.HandshakeId == nil {
 16818  		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
 16819  	}
 16820  
 16821  	if invalidParams.Len() > 0 {
 16822  		return invalidParams
 16823  	}
 16824  	return nil
 16825  }
 16826  
 16827  // SetHandshakeId sets the HandshakeId field's value.
 16828  func (s *DeclineHandshakeInput) SetHandshakeId(v string) *DeclineHandshakeInput {
 16829  	s.HandshakeId = &v
 16830  	return s
 16831  }
 16832  
 16833  type DeclineHandshakeOutput struct {
 16834  	_ struct{} `type:"structure"`
 16835  
 16836  	// A structure that contains details about the declined handshake. The state
 16837  	// is updated to show the value DECLINED.
 16838  	Handshake *Handshake `type:"structure"`
 16839  }
 16840  
 16841  // String returns the string representation.
 16842  //
 16843  // API parameter values that are decorated as "sensitive" in the API will not
 16844  // be included in the string output. The member name will be present, but the
 16845  // value will be replaced with "sensitive".
 16846  func (s DeclineHandshakeOutput) String() string {
 16847  	return awsutil.Prettify(s)
 16848  }
 16849  
 16850  // GoString returns the string representation.
 16851  //
 16852  // API parameter values that are decorated as "sensitive" in the API will not
 16853  // be included in the string output. The member name will be present, but the
 16854  // value will be replaced with "sensitive".
 16855  func (s DeclineHandshakeOutput) GoString() string {
 16856  	return s.String()
 16857  }
 16858  
 16859  // SetHandshake sets the Handshake field's value.
 16860  func (s *DeclineHandshakeOutput) SetHandshake(v *Handshake) *DeclineHandshakeOutput {
 16861  	s.Handshake = v
 16862  	return s
 16863  }
 16864  
 16865  // Contains information about the delegated administrator.
 16866  type DelegatedAdministrator struct {
 16867  	_ struct{} `type:"structure"`
 16868  
 16869  	// The Amazon Resource Name (ARN) of the delegated administrator's account.
 16870  	Arn *string `type:"string"`
 16871  
 16872  	// The date when the account was made a delegated administrator.
 16873  	DelegationEnabledDate *time.Time `type:"timestamp"`
 16874  
 16875  	// The email address that is associated with the delegated administrator's AWS
 16876  	// account.
 16877  	//
 16878  	// Email is a sensitive parameter and its value will be
 16879  	// replaced with "sensitive" in string returned by DelegatedAdministrator's
 16880  	// String and GoString methods.
 16881  	Email *string `min:"6" type:"string" sensitive:"true"`
 16882  
 16883  	// The unique identifier (ID) of the delegated administrator's account.
 16884  	Id *string `type:"string"`
 16885  
 16886  	// The method by which the delegated administrator's account joined the organization.
 16887  	JoinedMethod *string `type:"string" enum:"AccountJoinedMethod"`
 16888  
 16889  	// The date when the delegated administrator's account became a part of the
 16890  	// organization.
 16891  	JoinedTimestamp *time.Time `type:"timestamp"`
 16892  
 16893  	// The friendly name of the delegated administrator's account.
 16894  	//
 16895  	// Name is a sensitive parameter and its value will be
 16896  	// replaced with "sensitive" in string returned by DelegatedAdministrator's
 16897  	// String and GoString methods.
 16898  	Name *string `min:"1" type:"string" sensitive:"true"`
 16899  
 16900  	// The status of the delegated administrator's account in the organization.
 16901  	Status *string `type:"string" enum:"AccountStatus"`
 16902  }
 16903  
 16904  // String returns the string representation.
 16905  //
 16906  // API parameter values that are decorated as "sensitive" in the API will not
 16907  // be included in the string output. The member name will be present, but the
 16908  // value will be replaced with "sensitive".
 16909  func (s DelegatedAdministrator) String() string {
 16910  	return awsutil.Prettify(s)
 16911  }
 16912  
 16913  // GoString returns the string representation.
 16914  //
 16915  // API parameter values that are decorated as "sensitive" in the API will not
 16916  // be included in the string output. The member name will be present, but the
 16917  // value will be replaced with "sensitive".
 16918  func (s DelegatedAdministrator) GoString() string {
 16919  	return s.String()
 16920  }
 16921  
 16922  // SetArn sets the Arn field's value.
 16923  func (s *DelegatedAdministrator) SetArn(v string) *DelegatedAdministrator {
 16924  	s.Arn = &v
 16925  	return s
 16926  }
 16927  
 16928  // SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
 16929  func (s *DelegatedAdministrator) SetDelegationEnabledDate(v time.Time) *DelegatedAdministrator {
 16930  	s.DelegationEnabledDate = &v
 16931  	return s
 16932  }
 16933  
 16934  // SetEmail sets the Email field's value.
 16935  func (s *DelegatedAdministrator) SetEmail(v string) *DelegatedAdministrator {
 16936  	s.Email = &v
 16937  	return s
 16938  }
 16939  
 16940  // SetId sets the Id field's value.
 16941  func (s *DelegatedAdministrator) SetId(v string) *DelegatedAdministrator {
 16942  	s.Id = &v
 16943  	return s
 16944  }
 16945  
 16946  // SetJoinedMethod sets the JoinedMethod field's value.
 16947  func (s *DelegatedAdministrator) SetJoinedMethod(v string) *DelegatedAdministrator {
 16948  	s.JoinedMethod = &v
 16949  	return s
 16950  }
 16951  
 16952  // SetJoinedTimestamp sets the JoinedTimestamp field's value.
 16953  func (s *DelegatedAdministrator) SetJoinedTimestamp(v time.Time) *DelegatedAdministrator {
 16954  	s.JoinedTimestamp = &v
 16955  	return s
 16956  }
 16957  
 16958  // SetName sets the Name field's value.
 16959  func (s *DelegatedAdministrator) SetName(v string) *DelegatedAdministrator {
 16960  	s.Name = &v
 16961  	return s
 16962  }
 16963  
 16964  // SetStatus sets the Status field's value.
 16965  func (s *DelegatedAdministrator) SetStatus(v string) *DelegatedAdministrator {
 16966  	s.Status = &v
 16967  	return s
 16968  }
 16969  
 16970  // Contains information about the AWS service for which the account is a delegated
 16971  // administrator.
 16972  type DelegatedService struct {
 16973  	_ struct{} `type:"structure"`
 16974  
 16975  	// The date that the account became a delegated administrator for this service.
 16976  	DelegationEnabledDate *time.Time `type:"timestamp"`
 16977  
 16978  	// The name of an AWS service that can request an operation for the specified
 16979  	// service. This is typically in the form of a URL, such as: servicename.amazonaws.com.
 16980  	ServicePrincipal *string `min:"1" type:"string"`
 16981  }
 16982  
 16983  // String returns the string representation.
 16984  //
 16985  // API parameter values that are decorated as "sensitive" in the API will not
 16986  // be included in the string output. The member name will be present, but the
 16987  // value will be replaced with "sensitive".
 16988  func (s DelegatedService) String() string {
 16989  	return awsutil.Prettify(s)
 16990  }
 16991  
 16992  // GoString returns the string representation.
 16993  //
 16994  // API parameter values that are decorated as "sensitive" in the API will not
 16995  // be included in the string output. The member name will be present, but the
 16996  // value will be replaced with "sensitive".
 16997  func (s DelegatedService) GoString() string {
 16998  	return s.String()
 16999  }
 17000  
 17001  // SetDelegationEnabledDate sets the DelegationEnabledDate field's value.
 17002  func (s *DelegatedService) SetDelegationEnabledDate(v time.Time) *DelegatedService {
 17003  	s.DelegationEnabledDate = &v
 17004  	return s
 17005  }
 17006  
 17007  // SetServicePrincipal sets the ServicePrincipal field's value.
 17008  func (s *DelegatedService) SetServicePrincipal(v string) *DelegatedService {
 17009  	s.ServicePrincipal = &v
 17010  	return s
 17011  }
 17012  
 17013  type DeleteOrganizationInput struct {
 17014  	_ struct{} `type:"structure"`
 17015  }
 17016  
 17017  // String returns the string representation.
 17018  //
 17019  // API parameter values that are decorated as "sensitive" in the API will not
 17020  // be included in the string output. The member name will be present, but the
 17021  // value will be replaced with "sensitive".
 17022  func (s DeleteOrganizationInput) String() string {
 17023  	return awsutil.Prettify(s)
 17024  }
 17025  
 17026  // GoString returns the string representation.
 17027  //
 17028  // API parameter values that are decorated as "sensitive" in the API will not
 17029  // be included in the string output. The member name will be present, but the
 17030  // value will be replaced with "sensitive".
 17031  func (s DeleteOrganizationInput) GoString() string {
 17032  	return s.String()
 17033  }
 17034  
 17035  type DeleteOrganizationOutput struct {
 17036  	_ struct{} `type:"structure"`
 17037  }
 17038  
 17039  // String returns the string representation.
 17040  //
 17041  // API parameter values that are decorated as "sensitive" in the API will not
 17042  // be included in the string output. The member name will be present, but the
 17043  // value will be replaced with "sensitive".
 17044  func (s DeleteOrganizationOutput) String() string {
 17045  	return awsutil.Prettify(s)
 17046  }
 17047  
 17048  // GoString returns the string representation.
 17049  //
 17050  // API parameter values that are decorated as "sensitive" in the API will not
 17051  // be included in the string output. The member name will be present, but the
 17052  // value will be replaced with "sensitive".
 17053  func (s DeleteOrganizationOutput) GoString() string {
 17054  	return s.String()
 17055  }
 17056  
 17057  type DeleteOrganizationalUnitInput struct {
 17058  	_ struct{} `type:"structure"`
 17059  
 17060  	// The unique identifier (ID) of the organizational unit that you want to delete.
 17061  	// You can get the ID from the ListOrganizationalUnitsForParent operation.
 17062  	//
 17063  	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
 17064  	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
 17065  	// or digits (the ID of the root that contains the OU). This string is followed
 17066  	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
 17067  	//
 17068  	// OrganizationalUnitId is a required field
 17069  	OrganizationalUnitId *string `type:"string" required:"true"`
 17070  }
 17071  
 17072  // String returns the string representation.
 17073  //
 17074  // API parameter values that are decorated as "sensitive" in the API will not
 17075  // be included in the string output. The member name will be present, but the
 17076  // value will be replaced with "sensitive".
 17077  func (s DeleteOrganizationalUnitInput) String() string {
 17078  	return awsutil.Prettify(s)
 17079  }
 17080  
 17081  // GoString returns the string representation.
 17082  //
 17083  // API parameter values that are decorated as "sensitive" in the API will not
 17084  // be included in the string output. The member name will be present, but the
 17085  // value will be replaced with "sensitive".
 17086  func (s DeleteOrganizationalUnitInput) GoString() string {
 17087  	return s.String()
 17088  }
 17089  
 17090  // Validate inspects the fields of the type to determine if they are valid.
 17091  func (s *DeleteOrganizationalUnitInput) Validate() error {
 17092  	invalidParams := request.ErrInvalidParams{Context: "DeleteOrganizationalUnitInput"}
 17093  	if s.OrganizationalUnitId == nil {
 17094  		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
 17095  	}
 17096  
 17097  	if invalidParams.Len() > 0 {
 17098  		return invalidParams
 17099  	}
 17100  	return nil
 17101  }
 17102  
 17103  // SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
 17104  func (s *DeleteOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DeleteOrganizationalUnitInput {
 17105  	s.OrganizationalUnitId = &v
 17106  	return s
 17107  }
 17108  
 17109  type DeleteOrganizationalUnitOutput struct {
 17110  	_ struct{} `type:"structure"`
 17111  }
 17112  
 17113  // String returns the string representation.
 17114  //
 17115  // API parameter values that are decorated as "sensitive" in the API will not
 17116  // be included in the string output. The member name will be present, but the
 17117  // value will be replaced with "sensitive".
 17118  func (s DeleteOrganizationalUnitOutput) String() string {
 17119  	return awsutil.Prettify(s)
 17120  }
 17121  
 17122  // GoString returns the string representation.
 17123  //
 17124  // API parameter values that are decorated as "sensitive" in the API will not
 17125  // be included in the string output. The member name will be present, but the
 17126  // value will be replaced with "sensitive".
 17127  func (s DeleteOrganizationalUnitOutput) GoString() string {
 17128  	return s.String()
 17129  }
 17130  
 17131  type DeletePolicyInput struct {
 17132  	_ struct{} `type:"structure"`
 17133  
 17134  	// The unique identifier (ID) of the policy that you want to delete. You can
 17135  	// get the ID from the ListPolicies or ListPoliciesForTarget operations.
 17136  	//
 17137  	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
 17138  	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
 17139  	// or the underscore character (_).
 17140  	//
 17141  	// PolicyId is a required field
 17142  	PolicyId *string `type:"string" required:"true"`
 17143  }
 17144  
 17145  // String returns the string representation.
 17146  //
 17147  // API parameter values that are decorated as "sensitive" in the API will not
 17148  // be included in the string output. The member name will be present, but the
 17149  // value will be replaced with "sensitive".
 17150  func (s DeletePolicyInput) String() string {
 17151  	return awsutil.Prettify(s)
 17152  }
 17153  
 17154  // GoString returns the string representation.
 17155  //
 17156  // API parameter values that are decorated as "sensitive" in the API will not
 17157  // be included in the string output. The member name will be present, but the
 17158  // value will be replaced with "sensitive".
 17159  func (s DeletePolicyInput) GoString() string {
 17160  	return s.String()
 17161  }
 17162  
 17163  // Validate inspects the fields of the type to determine if they are valid.
 17164  func (s *DeletePolicyInput) Validate() error {
 17165  	invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"}
 17166  	if s.PolicyId == nil {
 17167  		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
 17168  	}
 17169  
 17170  	if invalidParams.Len() > 0 {
 17171  		return invalidParams
 17172  	}
 17173  	return nil
 17174  }
 17175  
 17176  // SetPolicyId sets the PolicyId field's value.
 17177  func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput {
 17178  	s.PolicyId = &v
 17179  	return s
 17180  }
 17181  
 17182  type DeletePolicyOutput struct {
 17183  	_ struct{} `type:"structure"`
 17184  }
 17185  
 17186  // String returns the string representation.
 17187  //
 17188  // API parameter values that are decorated as "sensitive" in the API will not
 17189  // be included in the string output. The member name will be present, but the
 17190  // value will be replaced with "sensitive".
 17191  func (s DeletePolicyOutput) String() string {
 17192  	return awsutil.Prettify(s)
 17193  }
 17194  
 17195  // GoString returns the string representation.
 17196  //
 17197  // API parameter values that are decorated as "sensitive" in the API will not
 17198  // be included in the string output. The member name will be present, but the
 17199  // value will be replaced with "sensitive".
 17200  func (s DeletePolicyOutput) GoString() string {
 17201  	return s.String()
 17202  }
 17203  
 17204  type DeregisterDelegatedAdministratorInput struct {
 17205  	_ struct{} `type:"structure"`
 17206  
 17207  	// The account ID number of the member account in the organization that you
 17208  	// want to deregister as a delegated administrator.
 17209  	//
 17210  	// AccountId is a required field
 17211  	AccountId *string `type:"string" required:"true"`
 17212  
 17213  	// The service principal name of an AWS service for which the account is a delegated
 17214  	// administrator.
 17215  	//
 17216  	// Delegated administrator privileges are revoked for only the specified AWS
 17217  	// service from the member account. If the specified service is the only service
 17218  	// for which the member account is a delegated administrator, the operation
 17219  	// also revokes Organizations read action permissions.
 17220  	//
 17221  	// ServicePrincipal is a required field
 17222  	ServicePrincipal *string `min:"1" type:"string" required:"true"`
 17223  }
 17224  
 17225  // String returns the string representation.
 17226  //
 17227  // API parameter values that are decorated as "sensitive" in the API will not
 17228  // be included in the string output. The member name will be present, but the
 17229  // value will be replaced with "sensitive".
 17230  func (s DeregisterDelegatedAdministratorInput) String() string {
 17231  	return awsutil.Prettify(s)
 17232  }
 17233  
 17234  // GoString returns the string representation.
 17235  //
 17236  // API parameter values that are decorated as "sensitive" in the API will not
 17237  // be included in the string output. The member name will be present, but the
 17238  // value will be replaced with "sensitive".
 17239  func (s DeregisterDelegatedAdministratorInput) GoString() string {
 17240  	return s.String()
 17241  }
 17242  
 17243  // Validate inspects the fields of the type to determine if they are valid.
 17244  func (s *DeregisterDelegatedAdministratorInput) Validate() error {
 17245  	invalidParams := request.ErrInvalidParams{Context: "DeregisterDelegatedAdministratorInput"}
 17246  	if s.AccountId == nil {
 17247  		invalidParams.Add(request.NewErrParamRequired("AccountId"))
 17248  	}
 17249  	if s.ServicePrincipal == nil {
 17250  		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
 17251  	}
 17252  	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
 17253  		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
 17254  	}
 17255  
 17256  	if invalidParams.Len() > 0 {
 17257  		return invalidParams
 17258  	}
 17259  	return nil
 17260  }
 17261  
 17262  // SetAccountId sets the AccountId field's value.
 17263  func (s *DeregisterDelegatedAdministratorInput) SetAccountId(v string) *DeregisterDelegatedAdministratorInput {
 17264  	s.AccountId = &v
 17265  	return s
 17266  }
 17267  
 17268  // SetServicePrincipal sets the ServicePrincipal field's value.
 17269  func (s *DeregisterDelegatedAdministratorInput) SetServicePrincipal(v string) *DeregisterDelegatedAdministratorInput {
 17270  	s.ServicePrincipal = &v
 17271  	return s
 17272  }
 17273  
 17274  type DeregisterDelegatedAdministratorOutput struct {
 17275  	_ struct{} `type:"structure"`
 17276  }
 17277  
 17278  // String returns the string representation.
 17279  //
 17280  // API parameter values that are decorated as "sensitive" in the API will not
 17281  // be included in the string output. The member name will be present, but the
 17282  // value will be replaced with "sensitive".
 17283  func (s DeregisterDelegatedAdministratorOutput) String() string {
 17284  	return awsutil.Prettify(s)
 17285  }
 17286  
 17287  // GoString returns the string representation.
 17288  //
 17289  // API parameter values that are decorated as "sensitive" in the API will not
 17290  // be included in the string output. The member name will be present, but the
 17291  // value will be replaced with "sensitive".
 17292  func (s DeregisterDelegatedAdministratorOutput) GoString() string {
 17293  	return s.String()
 17294  }
 17295  
 17296  type DescribeAccountInput struct {
 17297  	_ struct{} `type:"structure"`
 17298  
 17299  	// The unique identifier (ID) of the AWS account that you want information about.
 17300  	// You can get the ID from the ListAccounts or ListAccountsForParent operations.
 17301  	//
 17302  	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
 17303  	// requires exactly 12 digits.
 17304  	//
 17305  	// AccountId is a required field
 17306  	AccountId *string `type:"string" required:"true"`
 17307  }
 17308  
 17309  // String returns the string representation.
 17310  //
 17311  // API parameter values that are decorated as "sensitive" in the API will not
 17312  // be included in the string output. The member name will be present, but the
 17313  // value will be replaced with "sensitive".
 17314  func (s DescribeAccountInput) String() string {
 17315  	return awsutil.Prettify(s)
 17316  }
 17317  
 17318  // GoString returns the string representation.
 17319  //
 17320  // API parameter values that are decorated as "sensitive" in the API will not
 17321  // be included in the string output. The member name will be present, but the
 17322  // value will be replaced with "sensitive".
 17323  func (s DescribeAccountInput) GoString() string {
 17324  	return s.String()
 17325  }
 17326  
 17327  // Validate inspects the fields of the type to determine if they are valid.
 17328  func (s *DescribeAccountInput) Validate() error {
 17329  	invalidParams := request.ErrInvalidParams{Context: "DescribeAccountInput"}
 17330  	if s.AccountId == nil {
 17331  		invalidParams.Add(request.NewErrParamRequired("AccountId"))
 17332  	}
 17333  
 17334  	if invalidParams.Len() > 0 {
 17335  		return invalidParams
 17336  	}
 17337  	return nil
 17338  }
 17339  
 17340  // SetAccountId sets the AccountId field's value.
 17341  func (s *DescribeAccountInput) SetAccountId(v string) *DescribeAccountInput {
 17342  	s.AccountId = &v
 17343  	return s
 17344  }
 17345  
 17346  type DescribeAccountOutput struct {
 17347  	_ struct{} `type:"structure"`
 17348  
 17349  	// A structure that contains information about the requested account.
 17350  	Account *Account `type:"structure"`
 17351  }
 17352  
 17353  // String returns the string representation.
 17354  //
 17355  // API parameter values that are decorated as "sensitive" in the API will not
 17356  // be included in the string output. The member name will be present, but the
 17357  // value will be replaced with "sensitive".
 17358  func (s DescribeAccountOutput) String() string {
 17359  	return awsutil.Prettify(s)
 17360  }
 17361  
 17362  // GoString returns the string representation.
 17363  //
 17364  // API parameter values that are decorated as "sensitive" in the API will not
 17365  // be included in the string output. The member name will be present, but the
 17366  // value will be replaced with "sensitive".
 17367  func (s DescribeAccountOutput) GoString() string {
 17368  	return s.String()
 17369  }
 17370  
 17371  // SetAccount sets the Account field's value.
 17372  func (s *DescribeAccountOutput) SetAccount(v *Account) *DescribeAccountOutput {
 17373  	s.Account = v
 17374  	return s
 17375  }
 17376  
 17377  type DescribeCreateAccountStatusInput struct {
 17378  	_ struct{} `type:"structure"`
 17379  
 17380  	// Specifies the Id value that uniquely identifies the CreateAccount request.
 17381  	// You can get the value from the CreateAccountStatus.Id response in an earlier
 17382  	// CreateAccount request, or from the ListCreateAccountStatus operation.
 17383  	//
 17384  	// The regex pattern (http://wikipedia.org/wiki/regex) for a create account
 17385  	// request ID string requires "car-" followed by from 8 to 32 lowercase letters
 17386  	// or digits.
 17387  	//
 17388  	// CreateAccountRequestId is a required field
 17389  	CreateAccountRequestId *string `type:"string" required:"true"`
 17390  }
 17391  
 17392  // String returns the string representation.
 17393  //
 17394  // API parameter values that are decorated as "sensitive" in the API will not
 17395  // be included in the string output. The member name will be present, but the
 17396  // value will be replaced with "sensitive".
 17397  func (s DescribeCreateAccountStatusInput) String() string {
 17398  	return awsutil.Prettify(s)
 17399  }
 17400  
 17401  // GoString returns the string representation.
 17402  //
 17403  // API parameter values that are decorated as "sensitive" in the API will not
 17404  // be included in the string output. The member name will be present, but the
 17405  // value will be replaced with "sensitive".
 17406  func (s DescribeCreateAccountStatusInput) GoString() string {
 17407  	return s.String()
 17408  }
 17409  
 17410  // Validate inspects the fields of the type to determine if they are valid.
 17411  func (s *DescribeCreateAccountStatusInput) Validate() error {
 17412  	invalidParams := request.ErrInvalidParams{Context: "DescribeCreateAccountStatusInput"}
 17413  	if s.CreateAccountRequestId == nil {
 17414  		invalidParams.Add(request.NewErrParamRequired("CreateAccountRequestId"))
 17415  	}
 17416  
 17417  	if invalidParams.Len() > 0 {
 17418  		return invalidParams
 17419  	}
 17420  	return nil
 17421  }
 17422  
 17423  // SetCreateAccountRequestId sets the CreateAccountRequestId field's value.
 17424  func (s *DescribeCreateAccountStatusInput) SetCreateAccountRequestId(v string) *DescribeCreateAccountStatusInput {
 17425  	s.CreateAccountRequestId = &v
 17426  	return s
 17427  }
 17428  
 17429  type DescribeCreateAccountStatusOutput struct {
 17430  	_ struct{} `type:"structure"`
 17431  
 17432  	// A structure that contains the current status of an account creation request.
 17433  	CreateAccountStatus *CreateAccountStatus `type:"structure"`
 17434  }
 17435  
 17436  // String returns the string representation.
 17437  //
 17438  // API parameter values that are decorated as "sensitive" in the API will not
 17439  // be included in the string output. The member name will be present, but the
 17440  // value will be replaced with "sensitive".
 17441  func (s DescribeCreateAccountStatusOutput) String() string {
 17442  	return awsutil.Prettify(s)
 17443  }
 17444  
 17445  // GoString returns the string representation.
 17446  //
 17447  // API parameter values that are decorated as "sensitive" in the API will not
 17448  // be included in the string output. The member name will be present, but the
 17449  // value will be replaced with "sensitive".
 17450  func (s DescribeCreateAccountStatusOutput) GoString() string {
 17451  	return s.String()
 17452  }
 17453  
 17454  // SetCreateAccountStatus sets the CreateAccountStatus field's value.
 17455  func (s *DescribeCreateAccountStatusOutput) SetCreateAccountStatus(v *CreateAccountStatus) *DescribeCreateAccountStatusOutput {
 17456  	s.CreateAccountStatus = v
 17457  	return s
 17458  }
 17459  
 17460  type DescribeEffectivePolicyInput struct {
 17461  	_ struct{} `type:"structure"`
 17462  
 17463  	// The type of policy that you want information about. You can specify one of
 17464  	// the following values:
 17465  	//
 17466  	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
 17467  	//
 17468  	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
 17469  	//
 17470  	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
 17471  	//
 17472  	// PolicyType is a required field
 17473  	PolicyType *string `type:"string" required:"true" enum:"EffectivePolicyType"`
 17474  
 17475  	// When you're signed in as the management account, specify the ID of the account
 17476  	// that you want details about. Specifying an organization root or organizational
 17477  	// unit (OU) as the target is not supported.
 17478  	TargetId *string `type:"string"`
 17479  }
 17480  
 17481  // String returns the string representation.
 17482  //
 17483  // API parameter values that are decorated as "sensitive" in the API will not
 17484  // be included in the string output. The member name will be present, but the
 17485  // value will be replaced with "sensitive".
 17486  func (s DescribeEffectivePolicyInput) String() string {
 17487  	return awsutil.Prettify(s)
 17488  }
 17489  
 17490  // GoString returns the string representation.
 17491  //
 17492  // API parameter values that are decorated as "sensitive" in the API will not
 17493  // be included in the string output. The member name will be present, but the
 17494  // value will be replaced with "sensitive".
 17495  func (s DescribeEffectivePolicyInput) GoString() string {
 17496  	return s.String()
 17497  }
 17498  
 17499  // Validate inspects the fields of the type to determine if they are valid.
 17500  func (s *DescribeEffectivePolicyInput) Validate() error {
 17501  	invalidParams := request.ErrInvalidParams{Context: "DescribeEffectivePolicyInput"}
 17502  	if s.PolicyType == nil {
 17503  		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
 17504  	}
 17505  
 17506  	if invalidParams.Len() > 0 {
 17507  		return invalidParams
 17508  	}
 17509  	return nil
 17510  }
 17511  
 17512  // SetPolicyType sets the PolicyType field's value.
 17513  func (s *DescribeEffectivePolicyInput) SetPolicyType(v string) *DescribeEffectivePolicyInput {
 17514  	s.PolicyType = &v
 17515  	return s
 17516  }
 17517  
 17518  // SetTargetId sets the TargetId field's value.
 17519  func (s *DescribeEffectivePolicyInput) SetTargetId(v string) *DescribeEffectivePolicyInput {
 17520  	s.TargetId = &v
 17521  	return s
 17522  }
 17523  
 17524  type DescribeEffectivePolicyOutput struct {
 17525  	_ struct{} `type:"structure"`
 17526  
 17527  	// The contents of the effective policy.
 17528  	EffectivePolicy *EffectivePolicy `type:"structure"`
 17529  }
 17530  
 17531  // String returns the string representation.
 17532  //
 17533  // API parameter values that are decorated as "sensitive" in the API will not
 17534  // be included in the string output. The member name will be present, but the
 17535  // value will be replaced with "sensitive".
 17536  func (s DescribeEffectivePolicyOutput) String() string {
 17537  	return awsutil.Prettify(s)
 17538  }
 17539  
 17540  // GoString returns the string representation.
 17541  //
 17542  // API parameter values that are decorated as "sensitive" in the API will not
 17543  // be included in the string output. The member name will be present, but the
 17544  // value will be replaced with "sensitive".
 17545  func (s DescribeEffectivePolicyOutput) GoString() string {
 17546  	return s.String()
 17547  }
 17548  
 17549  // SetEffectivePolicy sets the EffectivePolicy field's value.
 17550  func (s *DescribeEffectivePolicyOutput) SetEffectivePolicy(v *EffectivePolicy) *DescribeEffectivePolicyOutput {
 17551  	s.EffectivePolicy = v
 17552  	return s
 17553  }
 17554  
 17555  type DescribeHandshakeInput struct {
 17556  	_ struct{} `type:"structure"`
 17557  
 17558  	// The unique identifier (ID) of the handshake that you want information about.
 17559  	// You can get the ID from the original call to InviteAccountToOrganization,
 17560  	// or from a call to ListHandshakesForAccount or ListHandshakesForOrganization.
 17561  	//
 17562  	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
 17563  	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
 17564  	//
 17565  	// HandshakeId is a required field
 17566  	HandshakeId *string `type:"string" required:"true"`
 17567  }
 17568  
 17569  // String returns the string representation.
 17570  //
 17571  // API parameter values that are decorated as "sensitive" in the API will not
 17572  // be included in the string output. The member name will be present, but the
 17573  // value will be replaced with "sensitive".
 17574  func (s DescribeHandshakeInput) String() string {
 17575  	return awsutil.Prettify(s)
 17576  }
 17577  
 17578  // GoString returns the string representation.
 17579  //
 17580  // API parameter values that are decorated as "sensitive" in the API will not
 17581  // be included in the string output. The member name will be present, but the
 17582  // value will be replaced with "sensitive".
 17583  func (s DescribeHandshakeInput) GoString() string {
 17584  	return s.String()
 17585  }
 17586  
 17587  // Validate inspects the fields of the type to determine if they are valid.
 17588  func (s *DescribeHandshakeInput) Validate() error {
 17589  	invalidParams := request.ErrInvalidParams{Context: "DescribeHandshakeInput"}
 17590  	if s.HandshakeId == nil {
 17591  		invalidParams.Add(request.NewErrParamRequired("HandshakeId"))
 17592  	}
 17593  
 17594  	if invalidParams.Len() > 0 {
 17595  		return invalidParams
 17596  	}
 17597  	return nil
 17598  }
 17599  
 17600  // SetHandshakeId sets the HandshakeId field's value.
 17601  func (s *DescribeHandshakeInput) SetHandshakeId(v string) *DescribeHandshakeInput {
 17602  	s.HandshakeId = &v
 17603  	return s
 17604  }
 17605  
 17606  type DescribeHandshakeOutput struct {
 17607  	_ struct{} `type:"structure"`
 17608  
 17609  	// A structure that contains information about the specified handshake.
 17610  	Handshake *Handshake `type:"structure"`
 17611  }
 17612  
 17613  // String returns the string representation.
 17614  //
 17615  // API parameter values that are decorated as "sensitive" in the API will not
 17616  // be included in the string output. The member name will be present, but the
 17617  // value will be replaced with "sensitive".
 17618  func (s DescribeHandshakeOutput) String() string {
 17619  	return awsutil.Prettify(s)
 17620  }
 17621  
 17622  // GoString returns the string representation.
 17623  //
 17624  // API parameter values that are decorated as "sensitive" in the API will not
 17625  // be included in the string output. The member name will be present, but the
 17626  // value will be replaced with "sensitive".
 17627  func (s DescribeHandshakeOutput) GoString() string {
 17628  	return s.String()
 17629  }
 17630  
 17631  // SetHandshake sets the Handshake field's value.
 17632  func (s *DescribeHandshakeOutput) SetHandshake(v *Handshake) *DescribeHandshakeOutput {
 17633  	s.Handshake = v
 17634  	return s
 17635  }
 17636  
 17637  type DescribeOrganizationInput struct {
 17638  	_ struct{} `type:"structure"`
 17639  }
 17640  
 17641  // String returns the string representation.
 17642  //
 17643  // API parameter values that are decorated as "sensitive" in the API will not
 17644  // be included in the string output. The member name will be present, but the
 17645  // value will be replaced with "sensitive".
 17646  func (s DescribeOrganizationInput) String() string {
 17647  	return awsutil.Prettify(s)
 17648  }
 17649  
 17650  // GoString returns the string representation.
 17651  //
 17652  // API parameter values that are decorated as "sensitive" in the API will not
 17653  // be included in the string output. The member name will be present, but the
 17654  // value will be replaced with "sensitive".
 17655  func (s DescribeOrganizationInput) GoString() string {
 17656  	return s.String()
 17657  }
 17658  
 17659  type DescribeOrganizationOutput struct {
 17660  	_ struct{} `type:"structure"`
 17661  
 17662  	// A structure that contains information about the organization.
 17663  	//
 17664  	// The AvailablePolicyTypes part of the response is deprecated, and you shouldn't
 17665  	// use it in your apps. It doesn't include any policy type supported by Organizations
 17666  	// other than SCPs. To determine which policy types are enabled in your organization,
 17667  	// use the ListRoots operation.
 17668  	Organization *Organization `type:"structure"`
 17669  }
 17670  
 17671  // String returns the string representation.
 17672  //
 17673  // API parameter values that are decorated as "sensitive" in the API will not
 17674  // be included in the string output. The member name will be present, but the
 17675  // value will be replaced with "sensitive".
 17676  func (s DescribeOrganizationOutput) String() string {
 17677  	return awsutil.Prettify(s)
 17678  }
 17679  
 17680  // GoString returns the string representation.
 17681  //
 17682  // API parameter values that are decorated as "sensitive" in the API will not
 17683  // be included in the string output. The member name will be present, but the
 17684  // value will be replaced with "sensitive".
 17685  func (s DescribeOrganizationOutput) GoString() string {
 17686  	return s.String()
 17687  }
 17688  
 17689  // SetOrganization sets the Organization field's value.
 17690  func (s *DescribeOrganizationOutput) SetOrganization(v *Organization) *DescribeOrganizationOutput {
 17691  	s.Organization = v
 17692  	return s
 17693  }
 17694  
 17695  type DescribeOrganizationalUnitInput struct {
 17696  	_ struct{} `type:"structure"`
 17697  
 17698  	// The unique identifier (ID) of the organizational unit that you want details
 17699  	// about. You can get the ID from the ListOrganizationalUnitsForParent operation.
 17700  	//
 17701  	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
 17702  	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
 17703  	// or digits (the ID of the root that contains the OU). This string is followed
 17704  	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
 17705  	//
 17706  	// OrganizationalUnitId is a required field
 17707  	OrganizationalUnitId *string `type:"string" required:"true"`
 17708  }
 17709  
 17710  // String returns the string representation.
 17711  //
 17712  // API parameter values that are decorated as "sensitive" in the API will not
 17713  // be included in the string output. The member name will be present, but the
 17714  // value will be replaced with "sensitive".
 17715  func (s DescribeOrganizationalUnitInput) String() string {
 17716  	return awsutil.Prettify(s)
 17717  }
 17718  
 17719  // GoString returns the string representation.
 17720  //
 17721  // API parameter values that are decorated as "sensitive" in the API will not
 17722  // be included in the string output. The member name will be present, but the
 17723  // value will be replaced with "sensitive".
 17724  func (s DescribeOrganizationalUnitInput) GoString() string {
 17725  	return s.String()
 17726  }
 17727  
 17728  // Validate inspects the fields of the type to determine if they are valid.
 17729  func (s *DescribeOrganizationalUnitInput) Validate() error {
 17730  	invalidParams := request.ErrInvalidParams{Context: "DescribeOrganizationalUnitInput"}
 17731  	if s.OrganizationalUnitId == nil {
 17732  		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
 17733  	}
 17734  
 17735  	if invalidParams.Len() > 0 {
 17736  		return invalidParams
 17737  	}
 17738  	return nil
 17739  }
 17740  
 17741  // SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
 17742  func (s *DescribeOrganizationalUnitInput) SetOrganizationalUnitId(v string) *DescribeOrganizationalUnitInput {
 17743  	s.OrganizationalUnitId = &v
 17744  	return s
 17745  }
 17746  
 17747  type DescribeOrganizationalUnitOutput struct {
 17748  	_ struct{} `type:"structure"`
 17749  
 17750  	// A structure that contains details about the specified OU.
 17751  	OrganizationalUnit *OrganizationalUnit `type:"structure"`
 17752  }
 17753  
 17754  // String returns the string representation.
 17755  //
 17756  // API parameter values that are decorated as "sensitive" in the API will not
 17757  // be included in the string output. The member name will be present, but the
 17758  // value will be replaced with "sensitive".
 17759  func (s DescribeOrganizationalUnitOutput) String() string {
 17760  	return awsutil.Prettify(s)
 17761  }
 17762  
 17763  // GoString returns the string representation.
 17764  //
 17765  // API parameter values that are decorated as "sensitive" in the API will not
 17766  // be included in the string output. The member name will be present, but the
 17767  // value will be replaced with "sensitive".
 17768  func (s DescribeOrganizationalUnitOutput) GoString() string {
 17769  	return s.String()
 17770  }
 17771  
 17772  // SetOrganizationalUnit sets the OrganizationalUnit field's value.
 17773  func (s *DescribeOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *DescribeOrganizationalUnitOutput {
 17774  	s.OrganizationalUnit = v
 17775  	return s
 17776  }
 17777  
 17778  type DescribePolicyInput struct {
 17779  	_ struct{} `type:"structure"`
 17780  
 17781  	// The unique identifier (ID) of the policy that you want details about. You
 17782  	// can get the ID from the ListPolicies or ListPoliciesForTarget operations.
 17783  	//
 17784  	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
 17785  	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
 17786  	// or the underscore character (_).
 17787  	//
 17788  	// PolicyId is a required field
 17789  	PolicyId *string `type:"string" required:"true"`
 17790  }
 17791  
 17792  // String returns the string representation.
 17793  //
 17794  // API parameter values that are decorated as "sensitive" in the API will not
 17795  // be included in the string output. The member name will be present, but the
 17796  // value will be replaced with "sensitive".
 17797  func (s DescribePolicyInput) String() string {
 17798  	return awsutil.Prettify(s)
 17799  }
 17800  
 17801  // GoString returns the string representation.
 17802  //
 17803  // API parameter values that are decorated as "sensitive" in the API will not
 17804  // be included in the string output. The member name will be present, but the
 17805  // value will be replaced with "sensitive".
 17806  func (s DescribePolicyInput) GoString() string {
 17807  	return s.String()
 17808  }
 17809  
 17810  // Validate inspects the fields of the type to determine if they are valid.
 17811  func (s *DescribePolicyInput) Validate() error {
 17812  	invalidParams := request.ErrInvalidParams{Context: "DescribePolicyInput"}
 17813  	if s.PolicyId == nil {
 17814  		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
 17815  	}
 17816  
 17817  	if invalidParams.Len() > 0 {
 17818  		return invalidParams
 17819  	}
 17820  	return nil
 17821  }
 17822  
 17823  // SetPolicyId sets the PolicyId field's value.
 17824  func (s *DescribePolicyInput) SetPolicyId(v string) *DescribePolicyInput {
 17825  	s.PolicyId = &v
 17826  	return s
 17827  }
 17828  
 17829  type DescribePolicyOutput struct {
 17830  	_ struct{} `type:"structure"`
 17831  
 17832  	// A structure that contains details about the specified policy.
 17833  	Policy *Policy `type:"structure"`
 17834  }
 17835  
 17836  // String returns the string representation.
 17837  //
 17838  // API parameter values that are decorated as "sensitive" in the API will not
 17839  // be included in the string output. The member name will be present, but the
 17840  // value will be replaced with "sensitive".
 17841  func (s DescribePolicyOutput) String() string {
 17842  	return awsutil.Prettify(s)
 17843  }
 17844  
 17845  // GoString returns the string representation.
 17846  //
 17847  // API parameter values that are decorated as "sensitive" in the API will not
 17848  // be included in the string output. The member name will be present, but the
 17849  // value will be replaced with "sensitive".
 17850  func (s DescribePolicyOutput) GoString() string {
 17851  	return s.String()
 17852  }
 17853  
 17854  // SetPolicy sets the Policy field's value.
 17855  func (s *DescribePolicyOutput) SetPolicy(v *Policy) *DescribePolicyOutput {
 17856  	s.Policy = v
 17857  	return s
 17858  }
 17859  
 17860  // We can't find the destination container (a root or OU) with the ParentId
 17861  // that you specified.
 17862  type DestinationParentNotFoundException struct {
 17863  	_            struct{}                  `type:"structure"`
 17864  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 17865  
 17866  	Message_ *string `locationName:"Message" type:"string"`
 17867  }
 17868  
 17869  // String returns the string representation.
 17870  //
 17871  // API parameter values that are decorated as "sensitive" in the API will not
 17872  // be included in the string output. The member name will be present, but the
 17873  // value will be replaced with "sensitive".
 17874  func (s DestinationParentNotFoundException) String() string {
 17875  	return awsutil.Prettify(s)
 17876  }
 17877  
 17878  // GoString returns the string representation.
 17879  //
 17880  // API parameter values that are decorated as "sensitive" in the API will not
 17881  // be included in the string output. The member name will be present, but the
 17882  // value will be replaced with "sensitive".
 17883  func (s DestinationParentNotFoundException) GoString() string {
 17884  	return s.String()
 17885  }
 17886  
 17887  func newErrorDestinationParentNotFoundException(v protocol.ResponseMetadata) error {
 17888  	return &DestinationParentNotFoundException{
 17889  		RespMetadata: v,
 17890  	}
 17891  }
 17892  
 17893  // Code returns the exception type name.
 17894  func (s *DestinationParentNotFoundException) Code() string {
 17895  	return "DestinationParentNotFoundException"
 17896  }
 17897  
 17898  // Message returns the exception's message.
 17899  func (s *DestinationParentNotFoundException) Message() string {
 17900  	if s.Message_ != nil {
 17901  		return *s.Message_
 17902  	}
 17903  	return ""
 17904  }
 17905  
 17906  // OrigErr always returns nil, satisfies awserr.Error interface.
 17907  func (s *DestinationParentNotFoundException) OrigErr() error {
 17908  	return nil
 17909  }
 17910  
 17911  func (s *DestinationParentNotFoundException) Error() string {
 17912  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 17913  }
 17914  
 17915  // Status code returns the HTTP status code for the request's response error.
 17916  func (s *DestinationParentNotFoundException) StatusCode() int {
 17917  	return s.RespMetadata.StatusCode
 17918  }
 17919  
 17920  // RequestID returns the service's response RequestID for request.
 17921  func (s *DestinationParentNotFoundException) RequestID() string {
 17922  	return s.RespMetadata.RequestID
 17923  }
 17924  
 17925  type DetachPolicyInput struct {
 17926  	_ struct{} `type:"structure"`
 17927  
 17928  	// The unique identifier (ID) of the policy you want to detach. You can get
 17929  	// the ID from the ListPolicies or ListPoliciesForTarget operations.
 17930  	//
 17931  	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
 17932  	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
 17933  	// or the underscore character (_).
 17934  	//
 17935  	// PolicyId is a required field
 17936  	PolicyId *string `type:"string" required:"true"`
 17937  
 17938  	// The unique identifier (ID) of the root, OU, or account that you want to detach
 17939  	// the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent,
 17940  	// or ListAccounts operations.
 17941  	//
 17942  	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
 17943  	// requires one of the following:
 17944  	//
 17945  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 17946  	//    letters or digits.
 17947  	//
 17948  	//    * Account - A string that consists of exactly 12 digits.
 17949  	//
 17950  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 17951  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 17952  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 17953  	//    32 additional lowercase letters or digits.
 17954  	//
 17955  	// TargetId is a required field
 17956  	TargetId *string `type:"string" required:"true"`
 17957  }
 17958  
 17959  // String returns the string representation.
 17960  //
 17961  // API parameter values that are decorated as "sensitive" in the API will not
 17962  // be included in the string output. The member name will be present, but the
 17963  // value will be replaced with "sensitive".
 17964  func (s DetachPolicyInput) String() string {
 17965  	return awsutil.Prettify(s)
 17966  }
 17967  
 17968  // GoString returns the string representation.
 17969  //
 17970  // API parameter values that are decorated as "sensitive" in the API will not
 17971  // be included in the string output. The member name will be present, but the
 17972  // value will be replaced with "sensitive".
 17973  func (s DetachPolicyInput) GoString() string {
 17974  	return s.String()
 17975  }
 17976  
 17977  // Validate inspects the fields of the type to determine if they are valid.
 17978  func (s *DetachPolicyInput) Validate() error {
 17979  	invalidParams := request.ErrInvalidParams{Context: "DetachPolicyInput"}
 17980  	if s.PolicyId == nil {
 17981  		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
 17982  	}
 17983  	if s.TargetId == nil {
 17984  		invalidParams.Add(request.NewErrParamRequired("TargetId"))
 17985  	}
 17986  
 17987  	if invalidParams.Len() > 0 {
 17988  		return invalidParams
 17989  	}
 17990  	return nil
 17991  }
 17992  
 17993  // SetPolicyId sets the PolicyId field's value.
 17994  func (s *DetachPolicyInput) SetPolicyId(v string) *DetachPolicyInput {
 17995  	s.PolicyId = &v
 17996  	return s
 17997  }
 17998  
 17999  // SetTargetId sets the TargetId field's value.
 18000  func (s *DetachPolicyInput) SetTargetId(v string) *DetachPolicyInput {
 18001  	s.TargetId = &v
 18002  	return s
 18003  }
 18004  
 18005  type DetachPolicyOutput struct {
 18006  	_ struct{} `type:"structure"`
 18007  }
 18008  
 18009  // String returns the string representation.
 18010  //
 18011  // API parameter values that are decorated as "sensitive" in the API will not
 18012  // be included in the string output. The member name will be present, but the
 18013  // value will be replaced with "sensitive".
 18014  func (s DetachPolicyOutput) String() string {
 18015  	return awsutil.Prettify(s)
 18016  }
 18017  
 18018  // GoString returns the string representation.
 18019  //
 18020  // API parameter values that are decorated as "sensitive" in the API will not
 18021  // be included in the string output. The member name will be present, but the
 18022  // value will be replaced with "sensitive".
 18023  func (s DetachPolicyOutput) GoString() string {
 18024  	return s.String()
 18025  }
 18026  
 18027  type DisableAWSServiceAccessInput struct {
 18028  	_ struct{} `type:"structure"`
 18029  
 18030  	// The service principal name of the AWS service for which you want to disable
 18031  	// integration with your organization. This is typically in the form of a URL,
 18032  	// such as service-abbreviation.amazonaws.com.
 18033  	//
 18034  	// ServicePrincipal is a required field
 18035  	ServicePrincipal *string `min:"1" type:"string" required:"true"`
 18036  }
 18037  
 18038  // String returns the string representation.
 18039  //
 18040  // API parameter values that are decorated as "sensitive" in the API will not
 18041  // be included in the string output. The member name will be present, but the
 18042  // value will be replaced with "sensitive".
 18043  func (s DisableAWSServiceAccessInput) String() string {
 18044  	return awsutil.Prettify(s)
 18045  }
 18046  
 18047  // GoString returns the string representation.
 18048  //
 18049  // API parameter values that are decorated as "sensitive" in the API will not
 18050  // be included in the string output. The member name will be present, but the
 18051  // value will be replaced with "sensitive".
 18052  func (s DisableAWSServiceAccessInput) GoString() string {
 18053  	return s.String()
 18054  }
 18055  
 18056  // Validate inspects the fields of the type to determine if they are valid.
 18057  func (s *DisableAWSServiceAccessInput) Validate() error {
 18058  	invalidParams := request.ErrInvalidParams{Context: "DisableAWSServiceAccessInput"}
 18059  	if s.ServicePrincipal == nil {
 18060  		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
 18061  	}
 18062  	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
 18063  		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
 18064  	}
 18065  
 18066  	if invalidParams.Len() > 0 {
 18067  		return invalidParams
 18068  	}
 18069  	return nil
 18070  }
 18071  
 18072  // SetServicePrincipal sets the ServicePrincipal field's value.
 18073  func (s *DisableAWSServiceAccessInput) SetServicePrincipal(v string) *DisableAWSServiceAccessInput {
 18074  	s.ServicePrincipal = &v
 18075  	return s
 18076  }
 18077  
 18078  type DisableAWSServiceAccessOutput struct {
 18079  	_ struct{} `type:"structure"`
 18080  }
 18081  
 18082  // String returns the string representation.
 18083  //
 18084  // API parameter values that are decorated as "sensitive" in the API will not
 18085  // be included in the string output. The member name will be present, but the
 18086  // value will be replaced with "sensitive".
 18087  func (s DisableAWSServiceAccessOutput) String() string {
 18088  	return awsutil.Prettify(s)
 18089  }
 18090  
 18091  // GoString returns the string representation.
 18092  //
 18093  // API parameter values that are decorated as "sensitive" in the API will not
 18094  // be included in the string output. The member name will be present, but the
 18095  // value will be replaced with "sensitive".
 18096  func (s DisableAWSServiceAccessOutput) GoString() string {
 18097  	return s.String()
 18098  }
 18099  
 18100  type DisablePolicyTypeInput struct {
 18101  	_ struct{} `type:"structure"`
 18102  
 18103  	// The policy type that you want to disable in this root. You can specify one
 18104  	// of the following values:
 18105  	//
 18106  	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
 18107  	//
 18108  	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
 18109  	//
 18110  	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
 18111  	//
 18112  	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
 18113  	//
 18114  	// PolicyType is a required field
 18115  	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
 18116  
 18117  	// The unique identifier (ID) of the root in which you want to disable a policy
 18118  	// type. You can get the ID from the ListRoots operation.
 18119  	//
 18120  	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
 18121  	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
 18122  	//
 18123  	// RootId is a required field
 18124  	RootId *string `type:"string" required:"true"`
 18125  }
 18126  
 18127  // String returns the string representation.
 18128  //
 18129  // API parameter values that are decorated as "sensitive" in the API will not
 18130  // be included in the string output. The member name will be present, but the
 18131  // value will be replaced with "sensitive".
 18132  func (s DisablePolicyTypeInput) String() string {
 18133  	return awsutil.Prettify(s)
 18134  }
 18135  
 18136  // GoString returns the string representation.
 18137  //
 18138  // API parameter values that are decorated as "sensitive" in the API will not
 18139  // be included in the string output. The member name will be present, but the
 18140  // value will be replaced with "sensitive".
 18141  func (s DisablePolicyTypeInput) GoString() string {
 18142  	return s.String()
 18143  }
 18144  
 18145  // Validate inspects the fields of the type to determine if they are valid.
 18146  func (s *DisablePolicyTypeInput) Validate() error {
 18147  	invalidParams := request.ErrInvalidParams{Context: "DisablePolicyTypeInput"}
 18148  	if s.PolicyType == nil {
 18149  		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
 18150  	}
 18151  	if s.RootId == nil {
 18152  		invalidParams.Add(request.NewErrParamRequired("RootId"))
 18153  	}
 18154  
 18155  	if invalidParams.Len() > 0 {
 18156  		return invalidParams
 18157  	}
 18158  	return nil
 18159  }
 18160  
 18161  // SetPolicyType sets the PolicyType field's value.
 18162  func (s *DisablePolicyTypeInput) SetPolicyType(v string) *DisablePolicyTypeInput {
 18163  	s.PolicyType = &v
 18164  	return s
 18165  }
 18166  
 18167  // SetRootId sets the RootId field's value.
 18168  func (s *DisablePolicyTypeInput) SetRootId(v string) *DisablePolicyTypeInput {
 18169  	s.RootId = &v
 18170  	return s
 18171  }
 18172  
 18173  type DisablePolicyTypeOutput struct {
 18174  	_ struct{} `type:"structure"`
 18175  
 18176  	// A structure that shows the root with the updated list of enabled policy types.
 18177  	Root *Root `type:"structure"`
 18178  }
 18179  
 18180  // String returns the string representation.
 18181  //
 18182  // API parameter values that are decorated as "sensitive" in the API will not
 18183  // be included in the string output. The member name will be present, but the
 18184  // value will be replaced with "sensitive".
 18185  func (s DisablePolicyTypeOutput) String() string {
 18186  	return awsutil.Prettify(s)
 18187  }
 18188  
 18189  // GoString returns the string representation.
 18190  //
 18191  // API parameter values that are decorated as "sensitive" in the API will not
 18192  // be included in the string output. The member name will be present, but the
 18193  // value will be replaced with "sensitive".
 18194  func (s DisablePolicyTypeOutput) GoString() string {
 18195  	return s.String()
 18196  }
 18197  
 18198  // SetRoot sets the Root field's value.
 18199  func (s *DisablePolicyTypeOutput) SetRoot(v *Root) *DisablePolicyTypeOutput {
 18200  	s.Root = v
 18201  	return s
 18202  }
 18203  
 18204  // That account is already present in the specified destination.
 18205  type DuplicateAccountException struct {
 18206  	_            struct{}                  `type:"structure"`
 18207  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 18208  
 18209  	Message_ *string `locationName:"Message" type:"string"`
 18210  }
 18211  
 18212  // String returns the string representation.
 18213  //
 18214  // API parameter values that are decorated as "sensitive" in the API will not
 18215  // be included in the string output. The member name will be present, but the
 18216  // value will be replaced with "sensitive".
 18217  func (s DuplicateAccountException) String() string {
 18218  	return awsutil.Prettify(s)
 18219  }
 18220  
 18221  // GoString returns the string representation.
 18222  //
 18223  // API parameter values that are decorated as "sensitive" in the API will not
 18224  // be included in the string output. The member name will be present, but the
 18225  // value will be replaced with "sensitive".
 18226  func (s DuplicateAccountException) GoString() string {
 18227  	return s.String()
 18228  }
 18229  
 18230  func newErrorDuplicateAccountException(v protocol.ResponseMetadata) error {
 18231  	return &DuplicateAccountException{
 18232  		RespMetadata: v,
 18233  	}
 18234  }
 18235  
 18236  // Code returns the exception type name.
 18237  func (s *DuplicateAccountException) Code() string {
 18238  	return "DuplicateAccountException"
 18239  }
 18240  
 18241  // Message returns the exception's message.
 18242  func (s *DuplicateAccountException) Message() string {
 18243  	if s.Message_ != nil {
 18244  		return *s.Message_
 18245  	}
 18246  	return ""
 18247  }
 18248  
 18249  // OrigErr always returns nil, satisfies awserr.Error interface.
 18250  func (s *DuplicateAccountException) OrigErr() error {
 18251  	return nil
 18252  }
 18253  
 18254  func (s *DuplicateAccountException) Error() string {
 18255  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 18256  }
 18257  
 18258  // Status code returns the HTTP status code for the request's response error.
 18259  func (s *DuplicateAccountException) StatusCode() int {
 18260  	return s.RespMetadata.StatusCode
 18261  }
 18262  
 18263  // RequestID returns the service's response RequestID for request.
 18264  func (s *DuplicateAccountException) RequestID() string {
 18265  	return s.RespMetadata.RequestID
 18266  }
 18267  
 18268  // A handshake with the same action and target already exists. For example,
 18269  // if you invited an account to join your organization, the invited account
 18270  // might already have a pending invitation from this organization. If you intend
 18271  // to resend an invitation to an account, ensure that existing handshakes that
 18272  // might be considered duplicates are canceled or declined.
 18273  type DuplicateHandshakeException struct {
 18274  	_            struct{}                  `type:"structure"`
 18275  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 18276  
 18277  	Message_ *string `locationName:"Message" type:"string"`
 18278  }
 18279  
 18280  // String returns the string representation.
 18281  //
 18282  // API parameter values that are decorated as "sensitive" in the API will not
 18283  // be included in the string output. The member name will be present, but the
 18284  // value will be replaced with "sensitive".
 18285  func (s DuplicateHandshakeException) String() string {
 18286  	return awsutil.Prettify(s)
 18287  }
 18288  
 18289  // GoString returns the string representation.
 18290  //
 18291  // API parameter values that are decorated as "sensitive" in the API will not
 18292  // be included in the string output. The member name will be present, but the
 18293  // value will be replaced with "sensitive".
 18294  func (s DuplicateHandshakeException) GoString() string {
 18295  	return s.String()
 18296  }
 18297  
 18298  func newErrorDuplicateHandshakeException(v protocol.ResponseMetadata) error {
 18299  	return &DuplicateHandshakeException{
 18300  		RespMetadata: v,
 18301  	}
 18302  }
 18303  
 18304  // Code returns the exception type name.
 18305  func (s *DuplicateHandshakeException) Code() string {
 18306  	return "DuplicateHandshakeException"
 18307  }
 18308  
 18309  // Message returns the exception's message.
 18310  func (s *DuplicateHandshakeException) Message() string {
 18311  	if s.Message_ != nil {
 18312  		return *s.Message_
 18313  	}
 18314  	return ""
 18315  }
 18316  
 18317  // OrigErr always returns nil, satisfies awserr.Error interface.
 18318  func (s *DuplicateHandshakeException) OrigErr() error {
 18319  	return nil
 18320  }
 18321  
 18322  func (s *DuplicateHandshakeException) Error() string {
 18323  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 18324  }
 18325  
 18326  // Status code returns the HTTP status code for the request's response error.
 18327  func (s *DuplicateHandshakeException) StatusCode() int {
 18328  	return s.RespMetadata.StatusCode
 18329  }
 18330  
 18331  // RequestID returns the service's response RequestID for request.
 18332  func (s *DuplicateHandshakeException) RequestID() string {
 18333  	return s.RespMetadata.RequestID
 18334  }
 18335  
 18336  // An OU with the same name already exists.
 18337  type DuplicateOrganizationalUnitException struct {
 18338  	_            struct{}                  `type:"structure"`
 18339  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 18340  
 18341  	Message_ *string `locationName:"Message" type:"string"`
 18342  }
 18343  
 18344  // String returns the string representation.
 18345  //
 18346  // API parameter values that are decorated as "sensitive" in the API will not
 18347  // be included in the string output. The member name will be present, but the
 18348  // value will be replaced with "sensitive".
 18349  func (s DuplicateOrganizationalUnitException) String() string {
 18350  	return awsutil.Prettify(s)
 18351  }
 18352  
 18353  // GoString returns the string representation.
 18354  //
 18355  // API parameter values that are decorated as "sensitive" in the API will not
 18356  // be included in the string output. The member name will be present, but the
 18357  // value will be replaced with "sensitive".
 18358  func (s DuplicateOrganizationalUnitException) GoString() string {
 18359  	return s.String()
 18360  }
 18361  
 18362  func newErrorDuplicateOrganizationalUnitException(v protocol.ResponseMetadata) error {
 18363  	return &DuplicateOrganizationalUnitException{
 18364  		RespMetadata: v,
 18365  	}
 18366  }
 18367  
 18368  // Code returns the exception type name.
 18369  func (s *DuplicateOrganizationalUnitException) Code() string {
 18370  	return "DuplicateOrganizationalUnitException"
 18371  }
 18372  
 18373  // Message returns the exception's message.
 18374  func (s *DuplicateOrganizationalUnitException) Message() string {
 18375  	if s.Message_ != nil {
 18376  		return *s.Message_
 18377  	}
 18378  	return ""
 18379  }
 18380  
 18381  // OrigErr always returns nil, satisfies awserr.Error interface.
 18382  func (s *DuplicateOrganizationalUnitException) OrigErr() error {
 18383  	return nil
 18384  }
 18385  
 18386  func (s *DuplicateOrganizationalUnitException) Error() string {
 18387  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 18388  }
 18389  
 18390  // Status code returns the HTTP status code for the request's response error.
 18391  func (s *DuplicateOrganizationalUnitException) StatusCode() int {
 18392  	return s.RespMetadata.StatusCode
 18393  }
 18394  
 18395  // RequestID returns the service's response RequestID for request.
 18396  func (s *DuplicateOrganizationalUnitException) RequestID() string {
 18397  	return s.RespMetadata.RequestID
 18398  }
 18399  
 18400  // The selected policy is already attached to the specified target.
 18401  type DuplicatePolicyAttachmentException struct {
 18402  	_            struct{}                  `type:"structure"`
 18403  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 18404  
 18405  	Message_ *string `locationName:"Message" type:"string"`
 18406  }
 18407  
 18408  // String returns the string representation.
 18409  //
 18410  // API parameter values that are decorated as "sensitive" in the API will not
 18411  // be included in the string output. The member name will be present, but the
 18412  // value will be replaced with "sensitive".
 18413  func (s DuplicatePolicyAttachmentException) String() string {
 18414  	return awsutil.Prettify(s)
 18415  }
 18416  
 18417  // GoString returns the string representation.
 18418  //
 18419  // API parameter values that are decorated as "sensitive" in the API will not
 18420  // be included in the string output. The member name will be present, but the
 18421  // value will be replaced with "sensitive".
 18422  func (s DuplicatePolicyAttachmentException) GoString() string {
 18423  	return s.String()
 18424  }
 18425  
 18426  func newErrorDuplicatePolicyAttachmentException(v protocol.ResponseMetadata) error {
 18427  	return &DuplicatePolicyAttachmentException{
 18428  		RespMetadata: v,
 18429  	}
 18430  }
 18431  
 18432  // Code returns the exception type name.
 18433  func (s *DuplicatePolicyAttachmentException) Code() string {
 18434  	return "DuplicatePolicyAttachmentException"
 18435  }
 18436  
 18437  // Message returns the exception's message.
 18438  func (s *DuplicatePolicyAttachmentException) Message() string {
 18439  	if s.Message_ != nil {
 18440  		return *s.Message_
 18441  	}
 18442  	return ""
 18443  }
 18444  
 18445  // OrigErr always returns nil, satisfies awserr.Error interface.
 18446  func (s *DuplicatePolicyAttachmentException) OrigErr() error {
 18447  	return nil
 18448  }
 18449  
 18450  func (s *DuplicatePolicyAttachmentException) Error() string {
 18451  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 18452  }
 18453  
 18454  // Status code returns the HTTP status code for the request's response error.
 18455  func (s *DuplicatePolicyAttachmentException) StatusCode() int {
 18456  	return s.RespMetadata.StatusCode
 18457  }
 18458  
 18459  // RequestID returns the service's response RequestID for request.
 18460  func (s *DuplicatePolicyAttachmentException) RequestID() string {
 18461  	return s.RespMetadata.RequestID
 18462  }
 18463  
 18464  // A policy with the same name already exists.
 18465  type DuplicatePolicyException struct {
 18466  	_            struct{}                  `type:"structure"`
 18467  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 18468  
 18469  	Message_ *string `locationName:"Message" type:"string"`
 18470  }
 18471  
 18472  // String returns the string representation.
 18473  //
 18474  // API parameter values that are decorated as "sensitive" in the API will not
 18475  // be included in the string output. The member name will be present, but the
 18476  // value will be replaced with "sensitive".
 18477  func (s DuplicatePolicyException) String() string {
 18478  	return awsutil.Prettify(s)
 18479  }
 18480  
 18481  // GoString returns the string representation.
 18482  //
 18483  // API parameter values that are decorated as "sensitive" in the API will not
 18484  // be included in the string output. The member name will be present, but the
 18485  // value will be replaced with "sensitive".
 18486  func (s DuplicatePolicyException) GoString() string {
 18487  	return s.String()
 18488  }
 18489  
 18490  func newErrorDuplicatePolicyException(v protocol.ResponseMetadata) error {
 18491  	return &DuplicatePolicyException{
 18492  		RespMetadata: v,
 18493  	}
 18494  }
 18495  
 18496  // Code returns the exception type name.
 18497  func (s *DuplicatePolicyException) Code() string {
 18498  	return "DuplicatePolicyException"
 18499  }
 18500  
 18501  // Message returns the exception's message.
 18502  func (s *DuplicatePolicyException) Message() string {
 18503  	if s.Message_ != nil {
 18504  		return *s.Message_
 18505  	}
 18506  	return ""
 18507  }
 18508  
 18509  // OrigErr always returns nil, satisfies awserr.Error interface.
 18510  func (s *DuplicatePolicyException) OrigErr() error {
 18511  	return nil
 18512  }
 18513  
 18514  func (s *DuplicatePolicyException) Error() string {
 18515  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 18516  }
 18517  
 18518  // Status code returns the HTTP status code for the request's response error.
 18519  func (s *DuplicatePolicyException) StatusCode() int {
 18520  	return s.RespMetadata.StatusCode
 18521  }
 18522  
 18523  // RequestID returns the service's response RequestID for request.
 18524  func (s *DuplicatePolicyException) RequestID() string {
 18525  	return s.RespMetadata.RequestID
 18526  }
 18527  
 18528  // Contains rules to be applied to the affected accounts. The effective policy
 18529  // is the aggregation of any policies the account inherits, plus any policy
 18530  // directly attached to the account.
 18531  type EffectivePolicy struct {
 18532  	_ struct{} `type:"structure"`
 18533  
 18534  	// The time of the last update to this policy.
 18535  	LastUpdatedTimestamp *time.Time `type:"timestamp"`
 18536  
 18537  	// The text content of the policy.
 18538  	PolicyContent *string `min:"1" type:"string"`
 18539  
 18540  	// The policy type.
 18541  	PolicyType *string `type:"string" enum:"EffectivePolicyType"`
 18542  
 18543  	// The account ID of the policy target.
 18544  	TargetId *string `type:"string"`
 18545  }
 18546  
 18547  // String returns the string representation.
 18548  //
 18549  // API parameter values that are decorated as "sensitive" in the API will not
 18550  // be included in the string output. The member name will be present, but the
 18551  // value will be replaced with "sensitive".
 18552  func (s EffectivePolicy) String() string {
 18553  	return awsutil.Prettify(s)
 18554  }
 18555  
 18556  // GoString returns the string representation.
 18557  //
 18558  // API parameter values that are decorated as "sensitive" in the API will not
 18559  // be included in the string output. The member name will be present, but the
 18560  // value will be replaced with "sensitive".
 18561  func (s EffectivePolicy) GoString() string {
 18562  	return s.String()
 18563  }
 18564  
 18565  // SetLastUpdatedTimestamp sets the LastUpdatedTimestamp field's value.
 18566  func (s *EffectivePolicy) SetLastUpdatedTimestamp(v time.Time) *EffectivePolicy {
 18567  	s.LastUpdatedTimestamp = &v
 18568  	return s
 18569  }
 18570  
 18571  // SetPolicyContent sets the PolicyContent field's value.
 18572  func (s *EffectivePolicy) SetPolicyContent(v string) *EffectivePolicy {
 18573  	s.PolicyContent = &v
 18574  	return s
 18575  }
 18576  
 18577  // SetPolicyType sets the PolicyType field's value.
 18578  func (s *EffectivePolicy) SetPolicyType(v string) *EffectivePolicy {
 18579  	s.PolicyType = &v
 18580  	return s
 18581  }
 18582  
 18583  // SetTargetId sets the TargetId field's value.
 18584  func (s *EffectivePolicy) SetTargetId(v string) *EffectivePolicy {
 18585  	s.TargetId = &v
 18586  	return s
 18587  }
 18588  
 18589  // If you ran this action on the management account, this policy type is not
 18590  // enabled. If you ran the action on a member account, the account doesn't have
 18591  // an effective policy of this type. Contact the administrator of your organization
 18592  // about attaching a policy of this type to the account.
 18593  type EffectivePolicyNotFoundException struct {
 18594  	_            struct{}                  `type:"structure"`
 18595  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 18596  
 18597  	Message_ *string `locationName:"Message" type:"string"`
 18598  }
 18599  
 18600  // String returns the string representation.
 18601  //
 18602  // API parameter values that are decorated as "sensitive" in the API will not
 18603  // be included in the string output. The member name will be present, but the
 18604  // value will be replaced with "sensitive".
 18605  func (s EffectivePolicyNotFoundException) String() string {
 18606  	return awsutil.Prettify(s)
 18607  }
 18608  
 18609  // GoString returns the string representation.
 18610  //
 18611  // API parameter values that are decorated as "sensitive" in the API will not
 18612  // be included in the string output. The member name will be present, but the
 18613  // value will be replaced with "sensitive".
 18614  func (s EffectivePolicyNotFoundException) GoString() string {
 18615  	return s.String()
 18616  }
 18617  
 18618  func newErrorEffectivePolicyNotFoundException(v protocol.ResponseMetadata) error {
 18619  	return &EffectivePolicyNotFoundException{
 18620  		RespMetadata: v,
 18621  	}
 18622  }
 18623  
 18624  // Code returns the exception type name.
 18625  func (s *EffectivePolicyNotFoundException) Code() string {
 18626  	return "EffectivePolicyNotFoundException"
 18627  }
 18628  
 18629  // Message returns the exception's message.
 18630  func (s *EffectivePolicyNotFoundException) Message() string {
 18631  	if s.Message_ != nil {
 18632  		return *s.Message_
 18633  	}
 18634  	return ""
 18635  }
 18636  
 18637  // OrigErr always returns nil, satisfies awserr.Error interface.
 18638  func (s *EffectivePolicyNotFoundException) OrigErr() error {
 18639  	return nil
 18640  }
 18641  
 18642  func (s *EffectivePolicyNotFoundException) Error() string {
 18643  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 18644  }
 18645  
 18646  // Status code returns the HTTP status code for the request's response error.
 18647  func (s *EffectivePolicyNotFoundException) StatusCode() int {
 18648  	return s.RespMetadata.StatusCode
 18649  }
 18650  
 18651  // RequestID returns the service's response RequestID for request.
 18652  func (s *EffectivePolicyNotFoundException) RequestID() string {
 18653  	return s.RespMetadata.RequestID
 18654  }
 18655  
 18656  type EnableAWSServiceAccessInput struct {
 18657  	_ struct{} `type:"structure"`
 18658  
 18659  	// The service principal name of the AWS service for which you want to enable
 18660  	// integration with your organization. This is typically in the form of a URL,
 18661  	// such as service-abbreviation.amazonaws.com.
 18662  	//
 18663  	// ServicePrincipal is a required field
 18664  	ServicePrincipal *string `min:"1" type:"string" required:"true"`
 18665  }
 18666  
 18667  // String returns the string representation.
 18668  //
 18669  // API parameter values that are decorated as "sensitive" in the API will not
 18670  // be included in the string output. The member name will be present, but the
 18671  // value will be replaced with "sensitive".
 18672  func (s EnableAWSServiceAccessInput) String() string {
 18673  	return awsutil.Prettify(s)
 18674  }
 18675  
 18676  // GoString returns the string representation.
 18677  //
 18678  // API parameter values that are decorated as "sensitive" in the API will not
 18679  // be included in the string output. The member name will be present, but the
 18680  // value will be replaced with "sensitive".
 18681  func (s EnableAWSServiceAccessInput) GoString() string {
 18682  	return s.String()
 18683  }
 18684  
 18685  // Validate inspects the fields of the type to determine if they are valid.
 18686  func (s *EnableAWSServiceAccessInput) Validate() error {
 18687  	invalidParams := request.ErrInvalidParams{Context: "EnableAWSServiceAccessInput"}
 18688  	if s.ServicePrincipal == nil {
 18689  		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
 18690  	}
 18691  	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
 18692  		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
 18693  	}
 18694  
 18695  	if invalidParams.Len() > 0 {
 18696  		return invalidParams
 18697  	}
 18698  	return nil
 18699  }
 18700  
 18701  // SetServicePrincipal sets the ServicePrincipal field's value.
 18702  func (s *EnableAWSServiceAccessInput) SetServicePrincipal(v string) *EnableAWSServiceAccessInput {
 18703  	s.ServicePrincipal = &v
 18704  	return s
 18705  }
 18706  
 18707  type EnableAWSServiceAccessOutput struct {
 18708  	_ struct{} `type:"structure"`
 18709  }
 18710  
 18711  // String returns the string representation.
 18712  //
 18713  // API parameter values that are decorated as "sensitive" in the API will not
 18714  // be included in the string output. The member name will be present, but the
 18715  // value will be replaced with "sensitive".
 18716  func (s EnableAWSServiceAccessOutput) String() string {
 18717  	return awsutil.Prettify(s)
 18718  }
 18719  
 18720  // GoString returns the string representation.
 18721  //
 18722  // API parameter values that are decorated as "sensitive" in the API will not
 18723  // be included in the string output. The member name will be present, but the
 18724  // value will be replaced with "sensitive".
 18725  func (s EnableAWSServiceAccessOutput) GoString() string {
 18726  	return s.String()
 18727  }
 18728  
 18729  type EnableAllFeaturesInput struct {
 18730  	_ struct{} `type:"structure"`
 18731  }
 18732  
 18733  // String returns the string representation.
 18734  //
 18735  // API parameter values that are decorated as "sensitive" in the API will not
 18736  // be included in the string output. The member name will be present, but the
 18737  // value will be replaced with "sensitive".
 18738  func (s EnableAllFeaturesInput) String() string {
 18739  	return awsutil.Prettify(s)
 18740  }
 18741  
 18742  // GoString returns the string representation.
 18743  //
 18744  // API parameter values that are decorated as "sensitive" in the API will not
 18745  // be included in the string output. The member name will be present, but the
 18746  // value will be replaced with "sensitive".
 18747  func (s EnableAllFeaturesInput) GoString() string {
 18748  	return s.String()
 18749  }
 18750  
 18751  type EnableAllFeaturesOutput struct {
 18752  	_ struct{} `type:"structure"`
 18753  
 18754  	// A structure that contains details about the handshake created to support
 18755  	// this request to enable all features in the organization.
 18756  	Handshake *Handshake `type:"structure"`
 18757  }
 18758  
 18759  // String returns the string representation.
 18760  //
 18761  // API parameter values that are decorated as "sensitive" in the API will not
 18762  // be included in the string output. The member name will be present, but the
 18763  // value will be replaced with "sensitive".
 18764  func (s EnableAllFeaturesOutput) String() string {
 18765  	return awsutil.Prettify(s)
 18766  }
 18767  
 18768  // GoString returns the string representation.
 18769  //
 18770  // API parameter values that are decorated as "sensitive" in the API will not
 18771  // be included in the string output. The member name will be present, but the
 18772  // value will be replaced with "sensitive".
 18773  func (s EnableAllFeaturesOutput) GoString() string {
 18774  	return s.String()
 18775  }
 18776  
 18777  // SetHandshake sets the Handshake field's value.
 18778  func (s *EnableAllFeaturesOutput) SetHandshake(v *Handshake) *EnableAllFeaturesOutput {
 18779  	s.Handshake = v
 18780  	return s
 18781  }
 18782  
 18783  type EnablePolicyTypeInput struct {
 18784  	_ struct{} `type:"structure"`
 18785  
 18786  	// The policy type that you want to enable. You can specify one of the following
 18787  	// values:
 18788  	//
 18789  	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
 18790  	//
 18791  	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
 18792  	//
 18793  	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
 18794  	//
 18795  	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
 18796  	//
 18797  	// PolicyType is a required field
 18798  	PolicyType *string `type:"string" required:"true" enum:"PolicyType"`
 18799  
 18800  	// The unique identifier (ID) of the root in which you want to enable a policy
 18801  	// type. You can get the ID from the ListRoots operation.
 18802  	//
 18803  	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
 18804  	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
 18805  	//
 18806  	// RootId is a required field
 18807  	RootId *string `type:"string" required:"true"`
 18808  }
 18809  
 18810  // String returns the string representation.
 18811  //
 18812  // API parameter values that are decorated as "sensitive" in the API will not
 18813  // be included in the string output. The member name will be present, but the
 18814  // value will be replaced with "sensitive".
 18815  func (s EnablePolicyTypeInput) String() string {
 18816  	return awsutil.Prettify(s)
 18817  }
 18818  
 18819  // GoString returns the string representation.
 18820  //
 18821  // API parameter values that are decorated as "sensitive" in the API will not
 18822  // be included in the string output. The member name will be present, but the
 18823  // value will be replaced with "sensitive".
 18824  func (s EnablePolicyTypeInput) GoString() string {
 18825  	return s.String()
 18826  }
 18827  
 18828  // Validate inspects the fields of the type to determine if they are valid.
 18829  func (s *EnablePolicyTypeInput) Validate() error {
 18830  	invalidParams := request.ErrInvalidParams{Context: "EnablePolicyTypeInput"}
 18831  	if s.PolicyType == nil {
 18832  		invalidParams.Add(request.NewErrParamRequired("PolicyType"))
 18833  	}
 18834  	if s.RootId == nil {
 18835  		invalidParams.Add(request.NewErrParamRequired("RootId"))
 18836  	}
 18837  
 18838  	if invalidParams.Len() > 0 {
 18839  		return invalidParams
 18840  	}
 18841  	return nil
 18842  }
 18843  
 18844  // SetPolicyType sets the PolicyType field's value.
 18845  func (s *EnablePolicyTypeInput) SetPolicyType(v string) *EnablePolicyTypeInput {
 18846  	s.PolicyType = &v
 18847  	return s
 18848  }
 18849  
 18850  // SetRootId sets the RootId field's value.
 18851  func (s *EnablePolicyTypeInput) SetRootId(v string) *EnablePolicyTypeInput {
 18852  	s.RootId = &v
 18853  	return s
 18854  }
 18855  
 18856  type EnablePolicyTypeOutput struct {
 18857  	_ struct{} `type:"structure"`
 18858  
 18859  	// A structure that shows the root with the updated list of enabled policy types.
 18860  	Root *Root `type:"structure"`
 18861  }
 18862  
 18863  // String returns the string representation.
 18864  //
 18865  // API parameter values that are decorated as "sensitive" in the API will not
 18866  // be included in the string output. The member name will be present, but the
 18867  // value will be replaced with "sensitive".
 18868  func (s EnablePolicyTypeOutput) String() string {
 18869  	return awsutil.Prettify(s)
 18870  }
 18871  
 18872  // GoString returns the string representation.
 18873  //
 18874  // API parameter values that are decorated as "sensitive" in the API will not
 18875  // be included in the string output. The member name will be present, but the
 18876  // value will be replaced with "sensitive".
 18877  func (s EnablePolicyTypeOutput) GoString() string {
 18878  	return s.String()
 18879  }
 18880  
 18881  // SetRoot sets the Root field's value.
 18882  func (s *EnablePolicyTypeOutput) SetRoot(v *Root) *EnablePolicyTypeOutput {
 18883  	s.Root = v
 18884  	return s
 18885  }
 18886  
 18887  // A structure that contains details of a service principal that represents
 18888  // an AWS service that is enabled to integrate with AWS Organizations.
 18889  type EnabledServicePrincipal struct {
 18890  	_ struct{} `type:"structure"`
 18891  
 18892  	// The date that the service principal was enabled for integration with AWS
 18893  	// Organizations.
 18894  	DateEnabled *time.Time `type:"timestamp"`
 18895  
 18896  	// The name of the service principal. This is typically in the form of a URL,
 18897  	// such as: servicename.amazonaws.com.
 18898  	ServicePrincipal *string `min:"1" type:"string"`
 18899  }
 18900  
 18901  // String returns the string representation.
 18902  //
 18903  // API parameter values that are decorated as "sensitive" in the API will not
 18904  // be included in the string output. The member name will be present, but the
 18905  // value will be replaced with "sensitive".
 18906  func (s EnabledServicePrincipal) String() string {
 18907  	return awsutil.Prettify(s)
 18908  }
 18909  
 18910  // GoString returns the string representation.
 18911  //
 18912  // API parameter values that are decorated as "sensitive" in the API will not
 18913  // be included in the string output. The member name will be present, but the
 18914  // value will be replaced with "sensitive".
 18915  func (s EnabledServicePrincipal) GoString() string {
 18916  	return s.String()
 18917  }
 18918  
 18919  // SetDateEnabled sets the DateEnabled field's value.
 18920  func (s *EnabledServicePrincipal) SetDateEnabled(v time.Time) *EnabledServicePrincipal {
 18921  	s.DateEnabled = &v
 18922  	return s
 18923  }
 18924  
 18925  // SetServicePrincipal sets the ServicePrincipal field's value.
 18926  func (s *EnabledServicePrincipal) SetServicePrincipal(v string) *EnabledServicePrincipal {
 18927  	s.ServicePrincipal = &v
 18928  	return s
 18929  }
 18930  
 18931  // AWS Organizations couldn't perform the operation because your organization
 18932  // hasn't finished initializing. This can take up to an hour. Try again later.
 18933  // If after one hour you continue to receive this error, contact AWS Support
 18934  // (https://console.aws.amazon.com/support/home#/).
 18935  type FinalizingOrganizationException struct {
 18936  	_            struct{}                  `type:"structure"`
 18937  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 18938  
 18939  	Message_ *string `locationName:"Message" type:"string"`
 18940  }
 18941  
 18942  // String returns the string representation.
 18943  //
 18944  // API parameter values that are decorated as "sensitive" in the API will not
 18945  // be included in the string output. The member name will be present, but the
 18946  // value will be replaced with "sensitive".
 18947  func (s FinalizingOrganizationException) String() string {
 18948  	return awsutil.Prettify(s)
 18949  }
 18950  
 18951  // GoString returns the string representation.
 18952  //
 18953  // API parameter values that are decorated as "sensitive" in the API will not
 18954  // be included in the string output. The member name will be present, but the
 18955  // value will be replaced with "sensitive".
 18956  func (s FinalizingOrganizationException) GoString() string {
 18957  	return s.String()
 18958  }
 18959  
 18960  func newErrorFinalizingOrganizationException(v protocol.ResponseMetadata) error {
 18961  	return &FinalizingOrganizationException{
 18962  		RespMetadata: v,
 18963  	}
 18964  }
 18965  
 18966  // Code returns the exception type name.
 18967  func (s *FinalizingOrganizationException) Code() string {
 18968  	return "FinalizingOrganizationException"
 18969  }
 18970  
 18971  // Message returns the exception's message.
 18972  func (s *FinalizingOrganizationException) Message() string {
 18973  	if s.Message_ != nil {
 18974  		return *s.Message_
 18975  	}
 18976  	return ""
 18977  }
 18978  
 18979  // OrigErr always returns nil, satisfies awserr.Error interface.
 18980  func (s *FinalizingOrganizationException) OrigErr() error {
 18981  	return nil
 18982  }
 18983  
 18984  func (s *FinalizingOrganizationException) Error() string {
 18985  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 18986  }
 18987  
 18988  // Status code returns the HTTP status code for the request's response error.
 18989  func (s *FinalizingOrganizationException) StatusCode() int {
 18990  	return s.RespMetadata.StatusCode
 18991  }
 18992  
 18993  // RequestID returns the service's response RequestID for request.
 18994  func (s *FinalizingOrganizationException) RequestID() string {
 18995  	return s.RespMetadata.RequestID
 18996  }
 18997  
 18998  // Contains information that must be exchanged to securely establish a relationship
 18999  // between two accounts (an originator and a recipient). For example, when a
 19000  // management account (the originator) invites another account (the recipient)
 19001  // to join its organization, the two accounts exchange information as a series
 19002  // of handshake requests and responses.
 19003  //
 19004  // Note: Handshakes that are CANCELED, ACCEPTED, or DECLINED show up in lists
 19005  // for only 30 days after entering that state After that they are deleted.
 19006  type Handshake struct {
 19007  	_ struct{} `type:"structure"`
 19008  
 19009  	// The type of handshake, indicating what action occurs when the recipient accepts
 19010  	// the handshake. The following handshake types are supported:
 19011  	//
 19012  	//    * INVITE: This type of handshake represents a request to join an organization.
 19013  	//    It is always sent from the management account to only non-member accounts.
 19014  	//
 19015  	//    * ENABLE_ALL_FEATURES: This type of handshake represents a request to
 19016  	//    enable all features in an organization. It is always sent from the management
 19017  	//    account to only invited member accounts. Created accounts do not receive
 19018  	//    this because those accounts were created by the organization's management
 19019  	//    account and approval is inferred.
 19020  	//
 19021  	//    * APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations
 19022  	//    service when all member accounts have approved the ENABLE_ALL_FEATURES
 19023  	//    invitation. It is sent only to the management account and signals the
 19024  	//    master that it can finalize the process to enable all features.
 19025  	Action *string `type:"string" enum:"ActionType"`
 19026  
 19027  	// The Amazon Resource Name (ARN) of a handshake.
 19028  	//
 19029  	// For more information about ARNs in Organizations, see ARN Formats Supported
 19030  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 19031  	// in the AWS Service Authorization Reference.
 19032  	Arn *string `type:"string"`
 19033  
 19034  	// The date and time that the handshake expires. If the recipient of the handshake
 19035  	// request fails to respond before the specified date and time, the handshake
 19036  	// becomes inactive and is no longer valid.
 19037  	ExpirationTimestamp *time.Time `type:"timestamp"`
 19038  
 19039  	// The unique identifier (ID) of a handshake. The originating account creates
 19040  	// the ID when it initiates the handshake.
 19041  	//
 19042  	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
 19043  	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
 19044  	Id *string `type:"string"`
 19045  
 19046  	// Information about the two accounts that are participating in the handshake.
 19047  	Parties []*HandshakeParty `type:"list"`
 19048  
 19049  	// The date and time that the handshake request was made.
 19050  	RequestedTimestamp *time.Time `type:"timestamp"`
 19051  
 19052  	// Additional information that is needed to process the handshake.
 19053  	Resources []*HandshakeResource `type:"list"`
 19054  
 19055  	// The current state of the handshake. Use the state to trace the flow of the
 19056  	// handshake through the process from its creation to its acceptance. The meaning
 19057  	// of each of the valid values is as follows:
 19058  	//
 19059  	//    * REQUESTED: This handshake was sent to multiple recipients (applicable
 19060  	//    to only some handshake types) and not all recipients have responded yet.
 19061  	//    The request stays in this state until all recipients respond.
 19062  	//
 19063  	//    * OPEN: This handshake was sent to multiple recipients (applicable to
 19064  	//    only some policy types) and all recipients have responded, allowing the
 19065  	//    originator to complete the handshake action.
 19066  	//
 19067  	//    * CANCELED: This handshake is no longer active because it was canceled
 19068  	//    by the originating account.
 19069  	//
 19070  	//    * ACCEPTED: This handshake is complete because it has been accepted by
 19071  	//    the recipient.
 19072  	//
 19073  	//    * DECLINED: This handshake is no longer active because it was declined
 19074  	//    by the recipient account.
 19075  	//
 19076  	//    * EXPIRED: This handshake is no longer active because the originator did
 19077  	//    not receive a response of any kind from the recipient before the expiration
 19078  	//    time (15 days).
 19079  	State *string `type:"string" enum:"HandshakeState"`
 19080  }
 19081  
 19082  // String returns the string representation.
 19083  //
 19084  // API parameter values that are decorated as "sensitive" in the API will not
 19085  // be included in the string output. The member name will be present, but the
 19086  // value will be replaced with "sensitive".
 19087  func (s Handshake) String() string {
 19088  	return awsutil.Prettify(s)
 19089  }
 19090  
 19091  // GoString returns the string representation.
 19092  //
 19093  // API parameter values that are decorated as "sensitive" in the API will not
 19094  // be included in the string output. The member name will be present, but the
 19095  // value will be replaced with "sensitive".
 19096  func (s Handshake) GoString() string {
 19097  	return s.String()
 19098  }
 19099  
 19100  // SetAction sets the Action field's value.
 19101  func (s *Handshake) SetAction(v string) *Handshake {
 19102  	s.Action = &v
 19103  	return s
 19104  }
 19105  
 19106  // SetArn sets the Arn field's value.
 19107  func (s *Handshake) SetArn(v string) *Handshake {
 19108  	s.Arn = &v
 19109  	return s
 19110  }
 19111  
 19112  // SetExpirationTimestamp sets the ExpirationTimestamp field's value.
 19113  func (s *Handshake) SetExpirationTimestamp(v time.Time) *Handshake {
 19114  	s.ExpirationTimestamp = &v
 19115  	return s
 19116  }
 19117  
 19118  // SetId sets the Id field's value.
 19119  func (s *Handshake) SetId(v string) *Handshake {
 19120  	s.Id = &v
 19121  	return s
 19122  }
 19123  
 19124  // SetParties sets the Parties field's value.
 19125  func (s *Handshake) SetParties(v []*HandshakeParty) *Handshake {
 19126  	s.Parties = v
 19127  	return s
 19128  }
 19129  
 19130  // SetRequestedTimestamp sets the RequestedTimestamp field's value.
 19131  func (s *Handshake) SetRequestedTimestamp(v time.Time) *Handshake {
 19132  	s.RequestedTimestamp = &v
 19133  	return s
 19134  }
 19135  
 19136  // SetResources sets the Resources field's value.
 19137  func (s *Handshake) SetResources(v []*HandshakeResource) *Handshake {
 19138  	s.Resources = v
 19139  	return s
 19140  }
 19141  
 19142  // SetState sets the State field's value.
 19143  func (s *Handshake) SetState(v string) *Handshake {
 19144  	s.State = &v
 19145  	return s
 19146  }
 19147  
 19148  // The specified handshake is already in the requested state. For example, you
 19149  // can't accept a handshake that was already accepted.
 19150  type HandshakeAlreadyInStateException struct {
 19151  	_            struct{}                  `type:"structure"`
 19152  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 19153  
 19154  	Message_ *string `locationName:"Message" type:"string"`
 19155  }
 19156  
 19157  // String returns the string representation.
 19158  //
 19159  // API parameter values that are decorated as "sensitive" in the API will not
 19160  // be included in the string output. The member name will be present, but the
 19161  // value will be replaced with "sensitive".
 19162  func (s HandshakeAlreadyInStateException) String() string {
 19163  	return awsutil.Prettify(s)
 19164  }
 19165  
 19166  // GoString returns the string representation.
 19167  //
 19168  // API parameter values that are decorated as "sensitive" in the API will not
 19169  // be included in the string output. The member name will be present, but the
 19170  // value will be replaced with "sensitive".
 19171  func (s HandshakeAlreadyInStateException) GoString() string {
 19172  	return s.String()
 19173  }
 19174  
 19175  func newErrorHandshakeAlreadyInStateException(v protocol.ResponseMetadata) error {
 19176  	return &HandshakeAlreadyInStateException{
 19177  		RespMetadata: v,
 19178  	}
 19179  }
 19180  
 19181  // Code returns the exception type name.
 19182  func (s *HandshakeAlreadyInStateException) Code() string {
 19183  	return "HandshakeAlreadyInStateException"
 19184  }
 19185  
 19186  // Message returns the exception's message.
 19187  func (s *HandshakeAlreadyInStateException) Message() string {
 19188  	if s.Message_ != nil {
 19189  		return *s.Message_
 19190  	}
 19191  	return ""
 19192  }
 19193  
 19194  // OrigErr always returns nil, satisfies awserr.Error interface.
 19195  func (s *HandshakeAlreadyInStateException) OrigErr() error {
 19196  	return nil
 19197  }
 19198  
 19199  func (s *HandshakeAlreadyInStateException) Error() string {
 19200  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 19201  }
 19202  
 19203  // Status code returns the HTTP status code for the request's response error.
 19204  func (s *HandshakeAlreadyInStateException) StatusCode() int {
 19205  	return s.RespMetadata.StatusCode
 19206  }
 19207  
 19208  // RequestID returns the service's response RequestID for request.
 19209  func (s *HandshakeAlreadyInStateException) RequestID() string {
 19210  	return s.RespMetadata.RequestID
 19211  }
 19212  
 19213  // The requested operation would violate the constraint identified in the reason
 19214  // code.
 19215  //
 19216  // Some of the reasons in the following list might not be applicable to this
 19217  // specific API or operation:
 19218  //
 19219  //    * ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on
 19220  //    the number of accounts in an organization. Note that deleted and closed
 19221  //    accounts still count toward your limit. If you get this exception immediately
 19222  //    after creating the organization, wait one hour and try again. If after
 19223  //    an hour it continues to fail with this error, contact AWS Support (https://console.aws.amazon.com/support/home#/).
 19224  //
 19225  //    * ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because
 19226  //    the invited account is already a member of an organization.
 19227  //
 19228  //    * HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of
 19229  //    handshakes that you can send in one day.
 19230  //
 19231  //    * INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations
 19232  //    to join an organization while it's in the process of enabling all features.
 19233  //    You can resume inviting accounts after you finalize the process when all
 19234  //    accounts have agreed to the change.
 19235  //
 19236  //    * ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid
 19237  //    because the organization has already enabled all features.
 19238  //
 19239  //    * ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake
 19240  //    request is invalid because the organization has already started the process
 19241  //    to enable all features.
 19242  //
 19243  //    * ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because
 19244  //    the account is from a different marketplace than the accounts in the organization.
 19245  //    For example, accounts with India addresses must be associated with the
 19246  //    AISPL marketplace. All accounts in an organization must be from the same
 19247  //    marketplace.
 19248  //
 19249  //    * ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to
 19250  //    change the membership of an account too quickly after its previous change.
 19251  //
 19252  //    * PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an
 19253  //    account that doesn't have a payment instrument, such as a credit card,
 19254  //    associated with it.
 19255  type HandshakeConstraintViolationException struct {
 19256  	_            struct{}                  `type:"structure"`
 19257  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 19258  
 19259  	Message_ *string `locationName:"Message" type:"string"`
 19260  
 19261  	Reason *string `type:"string" enum:"HandshakeConstraintViolationExceptionReason"`
 19262  }
 19263  
 19264  // String returns the string representation.
 19265  //
 19266  // API parameter values that are decorated as "sensitive" in the API will not
 19267  // be included in the string output. The member name will be present, but the
 19268  // value will be replaced with "sensitive".
 19269  func (s HandshakeConstraintViolationException) String() string {
 19270  	return awsutil.Prettify(s)
 19271  }
 19272  
 19273  // GoString returns the string representation.
 19274  //
 19275  // API parameter values that are decorated as "sensitive" in the API will not
 19276  // be included in the string output. The member name will be present, but the
 19277  // value will be replaced with "sensitive".
 19278  func (s HandshakeConstraintViolationException) GoString() string {
 19279  	return s.String()
 19280  }
 19281  
 19282  func newErrorHandshakeConstraintViolationException(v protocol.ResponseMetadata) error {
 19283  	return &HandshakeConstraintViolationException{
 19284  		RespMetadata: v,
 19285  	}
 19286  }
 19287  
 19288  // Code returns the exception type name.
 19289  func (s *HandshakeConstraintViolationException) Code() string {
 19290  	return "HandshakeConstraintViolationException"
 19291  }
 19292  
 19293  // Message returns the exception's message.
 19294  func (s *HandshakeConstraintViolationException) Message() string {
 19295  	if s.Message_ != nil {
 19296  		return *s.Message_
 19297  	}
 19298  	return ""
 19299  }
 19300  
 19301  // OrigErr always returns nil, satisfies awserr.Error interface.
 19302  func (s *HandshakeConstraintViolationException) OrigErr() error {
 19303  	return nil
 19304  }
 19305  
 19306  func (s *HandshakeConstraintViolationException) Error() string {
 19307  	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
 19308  }
 19309  
 19310  // Status code returns the HTTP status code for the request's response error.
 19311  func (s *HandshakeConstraintViolationException) StatusCode() int {
 19312  	return s.RespMetadata.StatusCode
 19313  }
 19314  
 19315  // RequestID returns the service's response RequestID for request.
 19316  func (s *HandshakeConstraintViolationException) RequestID() string {
 19317  	return s.RespMetadata.RequestID
 19318  }
 19319  
 19320  // Specifies the criteria that are used to select the handshakes for the operation.
 19321  type HandshakeFilter struct {
 19322  	_ struct{} `type:"structure"`
 19323  
 19324  	// Specifies the type of handshake action.
 19325  	//
 19326  	// If you specify ActionType, you cannot also specify ParentHandshakeId.
 19327  	ActionType *string `type:"string" enum:"ActionType"`
 19328  
 19329  	// Specifies the parent handshake. Only used for handshake types that are a
 19330  	// child of another type.
 19331  	//
 19332  	// If you specify ParentHandshakeId, you cannot also specify ActionType.
 19333  	//
 19334  	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
 19335  	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
 19336  	ParentHandshakeId *string `type:"string"`
 19337  }
 19338  
 19339  // String returns the string representation.
 19340  //
 19341  // API parameter values that are decorated as "sensitive" in the API will not
 19342  // be included in the string output. The member name will be present, but the
 19343  // value will be replaced with "sensitive".
 19344  func (s HandshakeFilter) String() string {
 19345  	return awsutil.Prettify(s)
 19346  }
 19347  
 19348  // GoString returns the string representation.
 19349  //
 19350  // API parameter values that are decorated as "sensitive" in the API will not
 19351  // be included in the string output. The member name will be present, but the
 19352  // value will be replaced with "sensitive".
 19353  func (s HandshakeFilter) GoString() string {
 19354  	return s.String()
 19355  }
 19356  
 19357  // SetActionType sets the ActionType field's value.
 19358  func (s *HandshakeFilter) SetActionType(v string) *HandshakeFilter {
 19359  	s.ActionType = &v
 19360  	return s
 19361  }
 19362  
 19363  // SetParentHandshakeId sets the ParentHandshakeId field's value.
 19364  func (s *HandshakeFilter) SetParentHandshakeId(v string) *HandshakeFilter {
 19365  	s.ParentHandshakeId = &v
 19366  	return s
 19367  }
 19368  
 19369  // We can't find a handshake with the HandshakeId that you specified.
 19370  type HandshakeNotFoundException struct {
 19371  	_            struct{}                  `type:"structure"`
 19372  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 19373  
 19374  	Message_ *string `locationName:"Message" type:"string"`
 19375  }
 19376  
 19377  // String returns the string representation.
 19378  //
 19379  // API parameter values that are decorated as "sensitive" in the API will not
 19380  // be included in the string output. The member name will be present, but the
 19381  // value will be replaced with "sensitive".
 19382  func (s HandshakeNotFoundException) String() string {
 19383  	return awsutil.Prettify(s)
 19384  }
 19385  
 19386  // GoString returns the string representation.
 19387  //
 19388  // API parameter values that are decorated as "sensitive" in the API will not
 19389  // be included in the string output. The member name will be present, but the
 19390  // value will be replaced with "sensitive".
 19391  func (s HandshakeNotFoundException) GoString() string {
 19392  	return s.String()
 19393  }
 19394  
 19395  func newErrorHandshakeNotFoundException(v protocol.ResponseMetadata) error {
 19396  	return &HandshakeNotFoundException{
 19397  		RespMetadata: v,
 19398  	}
 19399  }
 19400  
 19401  // Code returns the exception type name.
 19402  func (s *HandshakeNotFoundException) Code() string {
 19403  	return "HandshakeNotFoundException"
 19404  }
 19405  
 19406  // Message returns the exception's message.
 19407  func (s *HandshakeNotFoundException) Message() string {
 19408  	if s.Message_ != nil {
 19409  		return *s.Message_
 19410  	}
 19411  	return ""
 19412  }
 19413  
 19414  // OrigErr always returns nil, satisfies awserr.Error interface.
 19415  func (s *HandshakeNotFoundException) OrigErr() error {
 19416  	return nil
 19417  }
 19418  
 19419  func (s *HandshakeNotFoundException) Error() string {
 19420  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 19421  }
 19422  
 19423  // Status code returns the HTTP status code for the request's response error.
 19424  func (s *HandshakeNotFoundException) StatusCode() int {
 19425  	return s.RespMetadata.StatusCode
 19426  }
 19427  
 19428  // RequestID returns the service's response RequestID for request.
 19429  func (s *HandshakeNotFoundException) RequestID() string {
 19430  	return s.RespMetadata.RequestID
 19431  }
 19432  
 19433  // Identifies a participant in a handshake.
 19434  type HandshakeParty struct {
 19435  	_ struct{} `type:"structure"`
 19436  
 19437  	// The unique identifier (ID) for the party.
 19438  	//
 19439  	// The regex pattern (http://wikipedia.org/wiki/regex) for handshake ID string
 19440  	// requires "h-" followed by from 8 to 32 lowercase letters or digits.
 19441  	//
 19442  	// Id is a sensitive parameter and its value will be
 19443  	// replaced with "sensitive" in string returned by HandshakeParty's
 19444  	// String and GoString methods.
 19445  	//
 19446  	// Id is a required field
 19447  	Id *string `min:"1" type:"string" required:"true" sensitive:"true"`
 19448  
 19449  	// The type of party.
 19450  	//
 19451  	// Type is a required field
 19452  	Type *string `type:"string" required:"true" enum:"HandshakePartyType"`
 19453  }
 19454  
 19455  // String returns the string representation.
 19456  //
 19457  // API parameter values that are decorated as "sensitive" in the API will not
 19458  // be included in the string output. The member name will be present, but the
 19459  // value will be replaced with "sensitive".
 19460  func (s HandshakeParty) String() string {
 19461  	return awsutil.Prettify(s)
 19462  }
 19463  
 19464  // GoString returns the string representation.
 19465  //
 19466  // API parameter values that are decorated as "sensitive" in the API will not
 19467  // be included in the string output. The member name will be present, but the
 19468  // value will be replaced with "sensitive".
 19469  func (s HandshakeParty) GoString() string {
 19470  	return s.String()
 19471  }
 19472  
 19473  // Validate inspects the fields of the type to determine if they are valid.
 19474  func (s *HandshakeParty) Validate() error {
 19475  	invalidParams := request.ErrInvalidParams{Context: "HandshakeParty"}
 19476  	if s.Id == nil {
 19477  		invalidParams.Add(request.NewErrParamRequired("Id"))
 19478  	}
 19479  	if s.Id != nil && len(*s.Id) < 1 {
 19480  		invalidParams.Add(request.NewErrParamMinLen("Id", 1))
 19481  	}
 19482  	if s.Type == nil {
 19483  		invalidParams.Add(request.NewErrParamRequired("Type"))
 19484  	}
 19485  
 19486  	if invalidParams.Len() > 0 {
 19487  		return invalidParams
 19488  	}
 19489  	return nil
 19490  }
 19491  
 19492  // SetId sets the Id field's value.
 19493  func (s *HandshakeParty) SetId(v string) *HandshakeParty {
 19494  	s.Id = &v
 19495  	return s
 19496  }
 19497  
 19498  // SetType sets the Type field's value.
 19499  func (s *HandshakeParty) SetType(v string) *HandshakeParty {
 19500  	s.Type = &v
 19501  	return s
 19502  }
 19503  
 19504  // Contains additional data that is needed to process a handshake.
 19505  type HandshakeResource struct {
 19506  	_ struct{} `type:"structure"`
 19507  
 19508  	// When needed, contains an additional array of HandshakeResource objects.
 19509  	Resources []*HandshakeResource `type:"list"`
 19510  
 19511  	// The type of information being passed, specifying how the value is to be interpreted
 19512  	// by the other party:
 19513  	//
 19514  	//    * ACCOUNT - Specifies an AWS account ID number.
 19515  	//
 19516  	//    * ORGANIZATION - Specifies an organization ID number.
 19517  	//
 19518  	//    * EMAIL - Specifies the email address that is associated with the account
 19519  	//    that receives the handshake.
 19520  	//
 19521  	//    * OWNER_EMAIL - Specifies the email address associated with the management
 19522  	//    account. Included as information about an organization.
 19523  	//
 19524  	//    * OWNER_NAME - Specifies the name associated with the management account.
 19525  	//    Included as information about an organization.
 19526  	//
 19527  	//    * NOTES - Additional text provided by the handshake initiator and intended
 19528  	//    for the recipient to read.
 19529  	Type *string `type:"string" enum:"HandshakeResourceType"`
 19530  
 19531  	// The information that is passed to the other party in the handshake. The format
 19532  	// of the value string must match the requirements of the specified type.
 19533  	//
 19534  	// Value is a sensitive parameter and its value will be
 19535  	// replaced with "sensitive" in string returned by HandshakeResource's
 19536  	// String and GoString methods.
 19537  	Value *string `type:"string" sensitive:"true"`
 19538  }
 19539  
 19540  // String returns the string representation.
 19541  //
 19542  // API parameter values that are decorated as "sensitive" in the API will not
 19543  // be included in the string output. The member name will be present, but the
 19544  // value will be replaced with "sensitive".
 19545  func (s HandshakeResource) String() string {
 19546  	return awsutil.Prettify(s)
 19547  }
 19548  
 19549  // GoString returns the string representation.
 19550  //
 19551  // API parameter values that are decorated as "sensitive" in the API will not
 19552  // be included in the string output. The member name will be present, but the
 19553  // value will be replaced with "sensitive".
 19554  func (s HandshakeResource) GoString() string {
 19555  	return s.String()
 19556  }
 19557  
 19558  // SetResources sets the Resources field's value.
 19559  func (s *HandshakeResource) SetResources(v []*HandshakeResource) *HandshakeResource {
 19560  	s.Resources = v
 19561  	return s
 19562  }
 19563  
 19564  // SetType sets the Type field's value.
 19565  func (s *HandshakeResource) SetType(v string) *HandshakeResource {
 19566  	s.Type = &v
 19567  	return s
 19568  }
 19569  
 19570  // SetValue sets the Value field's value.
 19571  func (s *HandshakeResource) SetValue(v string) *HandshakeResource {
 19572  	s.Value = &v
 19573  	return s
 19574  }
 19575  
 19576  // You can't perform the operation on the handshake in its current state. For
 19577  // example, you can't cancel a handshake that was already accepted or accept
 19578  // a handshake that was already declined.
 19579  type InvalidHandshakeTransitionException struct {
 19580  	_            struct{}                  `type:"structure"`
 19581  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 19582  
 19583  	Message_ *string `locationName:"Message" type:"string"`
 19584  }
 19585  
 19586  // String returns the string representation.
 19587  //
 19588  // API parameter values that are decorated as "sensitive" in the API will not
 19589  // be included in the string output. The member name will be present, but the
 19590  // value will be replaced with "sensitive".
 19591  func (s InvalidHandshakeTransitionException) String() string {
 19592  	return awsutil.Prettify(s)
 19593  }
 19594  
 19595  // GoString returns the string representation.
 19596  //
 19597  // API parameter values that are decorated as "sensitive" in the API will not
 19598  // be included in the string output. The member name will be present, but the
 19599  // value will be replaced with "sensitive".
 19600  func (s InvalidHandshakeTransitionException) GoString() string {
 19601  	return s.String()
 19602  }
 19603  
 19604  func newErrorInvalidHandshakeTransitionException(v protocol.ResponseMetadata) error {
 19605  	return &InvalidHandshakeTransitionException{
 19606  		RespMetadata: v,
 19607  	}
 19608  }
 19609  
 19610  // Code returns the exception type name.
 19611  func (s *InvalidHandshakeTransitionException) Code() string {
 19612  	return "InvalidHandshakeTransitionException"
 19613  }
 19614  
 19615  // Message returns the exception's message.
 19616  func (s *InvalidHandshakeTransitionException) Message() string {
 19617  	if s.Message_ != nil {
 19618  		return *s.Message_
 19619  	}
 19620  	return ""
 19621  }
 19622  
 19623  // OrigErr always returns nil, satisfies awserr.Error interface.
 19624  func (s *InvalidHandshakeTransitionException) OrigErr() error {
 19625  	return nil
 19626  }
 19627  
 19628  func (s *InvalidHandshakeTransitionException) Error() string {
 19629  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 19630  }
 19631  
 19632  // Status code returns the HTTP status code for the request's response error.
 19633  func (s *InvalidHandshakeTransitionException) StatusCode() int {
 19634  	return s.RespMetadata.StatusCode
 19635  }
 19636  
 19637  // RequestID returns the service's response RequestID for request.
 19638  func (s *InvalidHandshakeTransitionException) RequestID() string {
 19639  	return s.RespMetadata.RequestID
 19640  }
 19641  
 19642  // The requested operation failed because you provided invalid values for one
 19643  // or more of the request parameters. This exception includes a reason that
 19644  // contains additional information about the violated limit:
 19645  //
 19646  // Some of the reasons in the following list might not be applicable to this
 19647  // specific API or operation.
 19648  //
 19649  //    * DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to
 19650  //    the same entity.
 19651  //
 19652  //    * IMMUTABLE_POLICY: You specified a policy that is managed by AWS and
 19653  //    can't be modified.
 19654  //
 19655  //    * INPUT_REQUIRED: You must include a value for all required parameters.
 19656  //
 19657  //    * INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address
 19658  //    for the invited account owner.
 19659  //
 19660  //    * INVALID_ENUM: You specified an invalid value.
 19661  //
 19662  //    * INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
 19663  //
 19664  //    * INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid
 19665  //    characters.
 19666  //
 19667  //    * INVALID_LIST_MEMBER: You provided a list to a parameter that contains
 19668  //    at least one invalid value.
 19669  //
 19670  //    * INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter
 19671  //    from the response to a previous call of the operation.
 19672  //
 19673  //    * INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account,
 19674  //    organization, or email) as a party.
 19675  //
 19676  //    * INVALID_PATTERN: You provided a value that doesn't match the required
 19677  //    pattern.
 19678  //
 19679  //    * INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't
 19680  //    match the required pattern.
 19681  //
 19682  //    * INVALID_ROLE_NAME: You provided a role name that isn't valid. A role
 19683  //    name can't begin with the reserved prefix AWSServiceRoleFor.
 19684  //
 19685  //    * INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource
 19686  //    Name (ARN) for the organization.
 19687  //
 19688  //    * INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
 19689  //
 19690  //    * INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system
 19691  //    tag. You can’t add, edit, or delete system tag keys because they're
 19692  //    reserved for AWS use. System tags don’t count against your tags per
 19693  //    resource limit.
 19694  //
 19695  //    * MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter
 19696  //    for the operation.
 19697  //
 19698  //    * MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer
 19699  //    than allowed.
 19700  //
 19701  //    * MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger
 19702  //    value than allowed.
 19703  //
 19704  //    * MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter
 19705  //    than allowed.
 19706  //
 19707  //    * MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller
 19708  //    value than allowed.
 19709  //
 19710  //    * MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only
 19711  //    between entities in the same root.
 19712  //
 19713  //    * TARGET_NOT_SUPPORTED: You can't perform the specified operation on that
 19714  //    target entity.
 19715  //
 19716  //    * UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that
 19717  //    isn't recognized.
 19718  type InvalidInputException struct {
 19719  	_            struct{}                  `type:"structure"`
 19720  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 19721  
 19722  	Message_ *string `locationName:"Message" type:"string"`
 19723  
 19724  	Reason *string `type:"string" enum:"InvalidInputExceptionReason"`
 19725  }
 19726  
 19727  // String returns the string representation.
 19728  //
 19729  // API parameter values that are decorated as "sensitive" in the API will not
 19730  // be included in the string output. The member name will be present, but the
 19731  // value will be replaced with "sensitive".
 19732  func (s InvalidInputException) String() string {
 19733  	return awsutil.Prettify(s)
 19734  }
 19735  
 19736  // GoString returns the string representation.
 19737  //
 19738  // API parameter values that are decorated as "sensitive" in the API will not
 19739  // be included in the string output. The member name will be present, but the
 19740  // value will be replaced with "sensitive".
 19741  func (s InvalidInputException) GoString() string {
 19742  	return s.String()
 19743  }
 19744  
 19745  func newErrorInvalidInputException(v protocol.ResponseMetadata) error {
 19746  	return &InvalidInputException{
 19747  		RespMetadata: v,
 19748  	}
 19749  }
 19750  
 19751  // Code returns the exception type name.
 19752  func (s *InvalidInputException) Code() string {
 19753  	return "InvalidInputException"
 19754  }
 19755  
 19756  // Message returns the exception's message.
 19757  func (s *InvalidInputException) Message() string {
 19758  	if s.Message_ != nil {
 19759  		return *s.Message_
 19760  	}
 19761  	return ""
 19762  }
 19763  
 19764  // OrigErr always returns nil, satisfies awserr.Error interface.
 19765  func (s *InvalidInputException) OrigErr() error {
 19766  	return nil
 19767  }
 19768  
 19769  func (s *InvalidInputException) Error() string {
 19770  	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
 19771  }
 19772  
 19773  // Status code returns the HTTP status code for the request's response error.
 19774  func (s *InvalidInputException) StatusCode() int {
 19775  	return s.RespMetadata.StatusCode
 19776  }
 19777  
 19778  // RequestID returns the service's response RequestID for request.
 19779  func (s *InvalidInputException) RequestID() string {
 19780  	return s.RespMetadata.RequestID
 19781  }
 19782  
 19783  type InviteAccountToOrganizationInput struct {
 19784  	_ struct{} `type:"structure"`
 19785  
 19786  	// Additional information that you want to include in the generated email to
 19787  	// the recipient account owner.
 19788  	//
 19789  	// Notes is a sensitive parameter and its value will be
 19790  	// replaced with "sensitive" in string returned by InviteAccountToOrganizationInput's
 19791  	// String and GoString methods.
 19792  	Notes *string `type:"string" sensitive:"true"`
 19793  
 19794  	// A list of tags that you want to attach to the account when it becomes a member
 19795  	// of the organization. For each tag in the list, you must specify both a tag
 19796  	// key and a value. You can set the value to an empty string, but you can't
 19797  	// set it to null. For more information about tagging, see Tagging AWS Organizations
 19798  	// resources (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tagging.html)
 19799  	// in the AWS Organizations User Guide.
 19800  	//
 19801  	// Any tags in the request are checked for compliance with any applicable tag
 19802  	// policies when the request is made. The request is rejected if the tags in
 19803  	// the request don't match the requirements of the policy at that time. Tag
 19804  	// policy compliance is not checked again when the invitation is accepted and
 19805  	// the tags are actually attached to the account. That means that if the tag
 19806  	// policy changes between the invitation and the acceptance, then that tags
 19807  	// could potentially be non-compliant.
 19808  	//
 19809  	// If any one of the tags is invalid or if you exceed the allowed number of
 19810  	// tags for an account, then the entire request fails and invitations are not
 19811  	// sent.
 19812  	Tags []*Tag `type:"list"`
 19813  
 19814  	// The identifier (ID) of the AWS account that you want to invite to join your
 19815  	// organization. This is a JSON object that contains the following elements:
 19816  	//
 19817  	// { "Type": "ACCOUNT", "Id": "< account id number >" }
 19818  	//
 19819  	// If you use the AWS CLI, you can submit this as a single string, similar to
 19820  	// the following example:
 19821  	//
 19822  	// --target Id=123456789012,Type=ACCOUNT
 19823  	//
 19824  	// If you specify "Type": "ACCOUNT", you must provide the AWS account ID number
 19825  	// as the Id. If you specify "Type": "EMAIL", you must specify the email address
 19826  	// that is associated with the account.
 19827  	//
 19828  	// --target Id=diego@example.com,Type=EMAIL
 19829  	//
 19830  	// Target is a required field
 19831  	Target *HandshakeParty `type:"structure" required:"true"`
 19832  }
 19833  
 19834  // String returns the string representation.
 19835  //
 19836  // API parameter values that are decorated as "sensitive" in the API will not
 19837  // be included in the string output. The member name will be present, but the
 19838  // value will be replaced with "sensitive".
 19839  func (s InviteAccountToOrganizationInput) String() string {
 19840  	return awsutil.Prettify(s)
 19841  }
 19842  
 19843  // GoString returns the string representation.
 19844  //
 19845  // API parameter values that are decorated as "sensitive" in the API will not
 19846  // be included in the string output. The member name will be present, but the
 19847  // value will be replaced with "sensitive".
 19848  func (s InviteAccountToOrganizationInput) GoString() string {
 19849  	return s.String()
 19850  }
 19851  
 19852  // Validate inspects the fields of the type to determine if they are valid.
 19853  func (s *InviteAccountToOrganizationInput) Validate() error {
 19854  	invalidParams := request.ErrInvalidParams{Context: "InviteAccountToOrganizationInput"}
 19855  	if s.Target == nil {
 19856  		invalidParams.Add(request.NewErrParamRequired("Target"))
 19857  	}
 19858  	if s.Tags != nil {
 19859  		for i, v := range s.Tags {
 19860  			if v == nil {
 19861  				continue
 19862  			}
 19863  			if err := v.Validate(); err != nil {
 19864  				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
 19865  			}
 19866  		}
 19867  	}
 19868  	if s.Target != nil {
 19869  		if err := s.Target.Validate(); err != nil {
 19870  			invalidParams.AddNested("Target", err.(request.ErrInvalidParams))
 19871  		}
 19872  	}
 19873  
 19874  	if invalidParams.Len() > 0 {
 19875  		return invalidParams
 19876  	}
 19877  	return nil
 19878  }
 19879  
 19880  // SetNotes sets the Notes field's value.
 19881  func (s *InviteAccountToOrganizationInput) SetNotes(v string) *InviteAccountToOrganizationInput {
 19882  	s.Notes = &v
 19883  	return s
 19884  }
 19885  
 19886  // SetTags sets the Tags field's value.
 19887  func (s *InviteAccountToOrganizationInput) SetTags(v []*Tag) *InviteAccountToOrganizationInput {
 19888  	s.Tags = v
 19889  	return s
 19890  }
 19891  
 19892  // SetTarget sets the Target field's value.
 19893  func (s *InviteAccountToOrganizationInput) SetTarget(v *HandshakeParty) *InviteAccountToOrganizationInput {
 19894  	s.Target = v
 19895  	return s
 19896  }
 19897  
 19898  type InviteAccountToOrganizationOutput struct {
 19899  	_ struct{} `type:"structure"`
 19900  
 19901  	// A structure that contains details about the handshake that is created to
 19902  	// support this invitation request.
 19903  	Handshake *Handshake `type:"structure"`
 19904  }
 19905  
 19906  // String returns the string representation.
 19907  //
 19908  // API parameter values that are decorated as "sensitive" in the API will not
 19909  // be included in the string output. The member name will be present, but the
 19910  // value will be replaced with "sensitive".
 19911  func (s InviteAccountToOrganizationOutput) String() string {
 19912  	return awsutil.Prettify(s)
 19913  }
 19914  
 19915  // GoString returns the string representation.
 19916  //
 19917  // API parameter values that are decorated as "sensitive" in the API will not
 19918  // be included in the string output. The member name will be present, but the
 19919  // value will be replaced with "sensitive".
 19920  func (s InviteAccountToOrganizationOutput) GoString() string {
 19921  	return s.String()
 19922  }
 19923  
 19924  // SetHandshake sets the Handshake field's value.
 19925  func (s *InviteAccountToOrganizationOutput) SetHandshake(v *Handshake) *InviteAccountToOrganizationOutput {
 19926  	s.Handshake = v
 19927  	return s
 19928  }
 19929  
 19930  type LeaveOrganizationInput struct {
 19931  	_ struct{} `type:"structure"`
 19932  }
 19933  
 19934  // String returns the string representation.
 19935  //
 19936  // API parameter values that are decorated as "sensitive" in the API will not
 19937  // be included in the string output. The member name will be present, but the
 19938  // value will be replaced with "sensitive".
 19939  func (s LeaveOrganizationInput) String() string {
 19940  	return awsutil.Prettify(s)
 19941  }
 19942  
 19943  // GoString returns the string representation.
 19944  //
 19945  // API parameter values that are decorated as "sensitive" in the API will not
 19946  // be included in the string output. The member name will be present, but the
 19947  // value will be replaced with "sensitive".
 19948  func (s LeaveOrganizationInput) GoString() string {
 19949  	return s.String()
 19950  }
 19951  
 19952  type LeaveOrganizationOutput struct {
 19953  	_ struct{} `type:"structure"`
 19954  }
 19955  
 19956  // String returns the string representation.
 19957  //
 19958  // API parameter values that are decorated as "sensitive" in the API will not
 19959  // be included in the string output. The member name will be present, but the
 19960  // value will be replaced with "sensitive".
 19961  func (s LeaveOrganizationOutput) String() string {
 19962  	return awsutil.Prettify(s)
 19963  }
 19964  
 19965  // GoString returns the string representation.
 19966  //
 19967  // API parameter values that are decorated as "sensitive" in the API will not
 19968  // be included in the string output. The member name will be present, but the
 19969  // value will be replaced with "sensitive".
 19970  func (s LeaveOrganizationOutput) GoString() string {
 19971  	return s.String()
 19972  }
 19973  
 19974  type ListAWSServiceAccessForOrganizationInput struct {
 19975  	_ struct{} `type:"structure"`
 19976  
 19977  	// The total number of results that you want included on each page of the response.
 19978  	// If you do not include this parameter, it defaults to a value that is specific
 19979  	// to the operation. If additional items exist beyond the maximum you specify,
 19980  	// the NextToken response element is present and has a value (is not null).
 19981  	// Include that value as the NextToken request parameter in the next call to
 19982  	// the operation to get the next part of the results. Note that Organizations
 19983  	// might return fewer results than the maximum even when there are more results
 19984  	// available. You should check NextToken after every operation to ensure that
 19985  	// you receive all of the results.
 19986  	MaxResults *int64 `min:"1" type:"integer"`
 19987  
 19988  	// The parameter for receiving additional results if you receive a NextToken
 19989  	// response in a previous request. A NextToken response indicates that more
 19990  	// output is available. Set this parameter to the value of the previous call's
 19991  	// NextToken response to indicate where the output should continue from.
 19992  	NextToken *string `type:"string"`
 19993  }
 19994  
 19995  // String returns the string representation.
 19996  //
 19997  // API parameter values that are decorated as "sensitive" in the API will not
 19998  // be included in the string output. The member name will be present, but the
 19999  // value will be replaced with "sensitive".
 20000  func (s ListAWSServiceAccessForOrganizationInput) String() string {
 20001  	return awsutil.Prettify(s)
 20002  }
 20003  
 20004  // GoString returns the string representation.
 20005  //
 20006  // API parameter values that are decorated as "sensitive" in the API will not
 20007  // be included in the string output. The member name will be present, but the
 20008  // value will be replaced with "sensitive".
 20009  func (s ListAWSServiceAccessForOrganizationInput) GoString() string {
 20010  	return s.String()
 20011  }
 20012  
 20013  // Validate inspects the fields of the type to determine if they are valid.
 20014  func (s *ListAWSServiceAccessForOrganizationInput) Validate() error {
 20015  	invalidParams := request.ErrInvalidParams{Context: "ListAWSServiceAccessForOrganizationInput"}
 20016  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20017  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20018  	}
 20019  
 20020  	if invalidParams.Len() > 0 {
 20021  		return invalidParams
 20022  	}
 20023  	return nil
 20024  }
 20025  
 20026  // SetMaxResults sets the MaxResults field's value.
 20027  func (s *ListAWSServiceAccessForOrganizationInput) SetMaxResults(v int64) *ListAWSServiceAccessForOrganizationInput {
 20028  	s.MaxResults = &v
 20029  	return s
 20030  }
 20031  
 20032  // SetNextToken sets the NextToken field's value.
 20033  func (s *ListAWSServiceAccessForOrganizationInput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationInput {
 20034  	s.NextToken = &v
 20035  	return s
 20036  }
 20037  
 20038  type ListAWSServiceAccessForOrganizationOutput struct {
 20039  	_ struct{} `type:"structure"`
 20040  
 20041  	// A list of the service principals for the services that are enabled to integrate
 20042  	// with your organization. Each principal is a structure that includes the name
 20043  	// and the date that it was enabled for integration with AWS Organizations.
 20044  	EnabledServicePrincipals []*EnabledServicePrincipal `type:"list"`
 20045  
 20046  	// If present, indicates that more output is available than is included in the
 20047  	// current response. Use this value in the NextToken request parameter in a
 20048  	// subsequent call to the operation to get the next part of the output. You
 20049  	// should repeat this until the NextToken response element comes back as null.
 20050  	NextToken *string `type:"string"`
 20051  }
 20052  
 20053  // String returns the string representation.
 20054  //
 20055  // API parameter values that are decorated as "sensitive" in the API will not
 20056  // be included in the string output. The member name will be present, but the
 20057  // value will be replaced with "sensitive".
 20058  func (s ListAWSServiceAccessForOrganizationOutput) String() string {
 20059  	return awsutil.Prettify(s)
 20060  }
 20061  
 20062  // GoString returns the string representation.
 20063  //
 20064  // API parameter values that are decorated as "sensitive" in the API will not
 20065  // be included in the string output. The member name will be present, but the
 20066  // value will be replaced with "sensitive".
 20067  func (s ListAWSServiceAccessForOrganizationOutput) GoString() string {
 20068  	return s.String()
 20069  }
 20070  
 20071  // SetEnabledServicePrincipals sets the EnabledServicePrincipals field's value.
 20072  func (s *ListAWSServiceAccessForOrganizationOutput) SetEnabledServicePrincipals(v []*EnabledServicePrincipal) *ListAWSServiceAccessForOrganizationOutput {
 20073  	s.EnabledServicePrincipals = v
 20074  	return s
 20075  }
 20076  
 20077  // SetNextToken sets the NextToken field's value.
 20078  func (s *ListAWSServiceAccessForOrganizationOutput) SetNextToken(v string) *ListAWSServiceAccessForOrganizationOutput {
 20079  	s.NextToken = &v
 20080  	return s
 20081  }
 20082  
 20083  type ListAccountsForParentInput struct {
 20084  	_ struct{} `type:"structure"`
 20085  
 20086  	// The total number of results that you want included on each page of the response.
 20087  	// If you do not include this parameter, it defaults to a value that is specific
 20088  	// to the operation. If additional items exist beyond the maximum you specify,
 20089  	// the NextToken response element is present and has a value (is not null).
 20090  	// Include that value as the NextToken request parameter in the next call to
 20091  	// the operation to get the next part of the results. Note that Organizations
 20092  	// might return fewer results than the maximum even when there are more results
 20093  	// available. You should check NextToken after every operation to ensure that
 20094  	// you receive all of the results.
 20095  	MaxResults *int64 `min:"1" type:"integer"`
 20096  
 20097  	// The parameter for receiving additional results if you receive a NextToken
 20098  	// response in a previous request. A NextToken response indicates that more
 20099  	// output is available. Set this parameter to the value of the previous call's
 20100  	// NextToken response to indicate where the output should continue from.
 20101  	NextToken *string `type:"string"`
 20102  
 20103  	// The unique identifier (ID) for the parent root or organization unit (OU)
 20104  	// whose accounts you want to list.
 20105  	//
 20106  	// ParentId is a required field
 20107  	ParentId *string `type:"string" required:"true"`
 20108  }
 20109  
 20110  // String returns the string representation.
 20111  //
 20112  // API parameter values that are decorated as "sensitive" in the API will not
 20113  // be included in the string output. The member name will be present, but the
 20114  // value will be replaced with "sensitive".
 20115  func (s ListAccountsForParentInput) String() string {
 20116  	return awsutil.Prettify(s)
 20117  }
 20118  
 20119  // GoString returns the string representation.
 20120  //
 20121  // API parameter values that are decorated as "sensitive" in the API will not
 20122  // be included in the string output. The member name will be present, but the
 20123  // value will be replaced with "sensitive".
 20124  func (s ListAccountsForParentInput) GoString() string {
 20125  	return s.String()
 20126  }
 20127  
 20128  // Validate inspects the fields of the type to determine if they are valid.
 20129  func (s *ListAccountsForParentInput) Validate() error {
 20130  	invalidParams := request.ErrInvalidParams{Context: "ListAccountsForParentInput"}
 20131  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20132  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20133  	}
 20134  	if s.ParentId == nil {
 20135  		invalidParams.Add(request.NewErrParamRequired("ParentId"))
 20136  	}
 20137  
 20138  	if invalidParams.Len() > 0 {
 20139  		return invalidParams
 20140  	}
 20141  	return nil
 20142  }
 20143  
 20144  // SetMaxResults sets the MaxResults field's value.
 20145  func (s *ListAccountsForParentInput) SetMaxResults(v int64) *ListAccountsForParentInput {
 20146  	s.MaxResults = &v
 20147  	return s
 20148  }
 20149  
 20150  // SetNextToken sets the NextToken field's value.
 20151  func (s *ListAccountsForParentInput) SetNextToken(v string) *ListAccountsForParentInput {
 20152  	s.NextToken = &v
 20153  	return s
 20154  }
 20155  
 20156  // SetParentId sets the ParentId field's value.
 20157  func (s *ListAccountsForParentInput) SetParentId(v string) *ListAccountsForParentInput {
 20158  	s.ParentId = &v
 20159  	return s
 20160  }
 20161  
 20162  type ListAccountsForParentOutput struct {
 20163  	_ struct{} `type:"structure"`
 20164  
 20165  	// A list of the accounts in the specified root or OU.
 20166  	Accounts []*Account `type:"list"`
 20167  
 20168  	// If present, indicates that more output is available than is included in the
 20169  	// current response. Use this value in the NextToken request parameter in a
 20170  	// subsequent call to the operation to get the next part of the output. You
 20171  	// should repeat this until the NextToken response element comes back as null.
 20172  	NextToken *string `type:"string"`
 20173  }
 20174  
 20175  // String returns the string representation.
 20176  //
 20177  // API parameter values that are decorated as "sensitive" in the API will not
 20178  // be included in the string output. The member name will be present, but the
 20179  // value will be replaced with "sensitive".
 20180  func (s ListAccountsForParentOutput) String() string {
 20181  	return awsutil.Prettify(s)
 20182  }
 20183  
 20184  // GoString returns the string representation.
 20185  //
 20186  // API parameter values that are decorated as "sensitive" in the API will not
 20187  // be included in the string output. The member name will be present, but the
 20188  // value will be replaced with "sensitive".
 20189  func (s ListAccountsForParentOutput) GoString() string {
 20190  	return s.String()
 20191  }
 20192  
 20193  // SetAccounts sets the Accounts field's value.
 20194  func (s *ListAccountsForParentOutput) SetAccounts(v []*Account) *ListAccountsForParentOutput {
 20195  	s.Accounts = v
 20196  	return s
 20197  }
 20198  
 20199  // SetNextToken sets the NextToken field's value.
 20200  func (s *ListAccountsForParentOutput) SetNextToken(v string) *ListAccountsForParentOutput {
 20201  	s.NextToken = &v
 20202  	return s
 20203  }
 20204  
 20205  type ListAccountsInput struct {
 20206  	_ struct{} `type:"structure"`
 20207  
 20208  	// The total number of results that you want included on each page of the response.
 20209  	// If you do not include this parameter, it defaults to a value that is specific
 20210  	// to the operation. If additional items exist beyond the maximum you specify,
 20211  	// the NextToken response element is present and has a value (is not null).
 20212  	// Include that value as the NextToken request parameter in the next call to
 20213  	// the operation to get the next part of the results. Note that Organizations
 20214  	// might return fewer results than the maximum even when there are more results
 20215  	// available. You should check NextToken after every operation to ensure that
 20216  	// you receive all of the results.
 20217  	MaxResults *int64 `min:"1" type:"integer"`
 20218  
 20219  	// The parameter for receiving additional results if you receive a NextToken
 20220  	// response in a previous request. A NextToken response indicates that more
 20221  	// output is available. Set this parameter to the value of the previous call's
 20222  	// NextToken response to indicate where the output should continue from.
 20223  	NextToken *string `type:"string"`
 20224  }
 20225  
 20226  // String returns the string representation.
 20227  //
 20228  // API parameter values that are decorated as "sensitive" in the API will not
 20229  // be included in the string output. The member name will be present, but the
 20230  // value will be replaced with "sensitive".
 20231  func (s ListAccountsInput) String() string {
 20232  	return awsutil.Prettify(s)
 20233  }
 20234  
 20235  // GoString returns the string representation.
 20236  //
 20237  // API parameter values that are decorated as "sensitive" in the API will not
 20238  // be included in the string output. The member name will be present, but the
 20239  // value will be replaced with "sensitive".
 20240  func (s ListAccountsInput) GoString() string {
 20241  	return s.String()
 20242  }
 20243  
 20244  // Validate inspects the fields of the type to determine if they are valid.
 20245  func (s *ListAccountsInput) Validate() error {
 20246  	invalidParams := request.ErrInvalidParams{Context: "ListAccountsInput"}
 20247  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20248  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20249  	}
 20250  
 20251  	if invalidParams.Len() > 0 {
 20252  		return invalidParams
 20253  	}
 20254  	return nil
 20255  }
 20256  
 20257  // SetMaxResults sets the MaxResults field's value.
 20258  func (s *ListAccountsInput) SetMaxResults(v int64) *ListAccountsInput {
 20259  	s.MaxResults = &v
 20260  	return s
 20261  }
 20262  
 20263  // SetNextToken sets the NextToken field's value.
 20264  func (s *ListAccountsInput) SetNextToken(v string) *ListAccountsInput {
 20265  	s.NextToken = &v
 20266  	return s
 20267  }
 20268  
 20269  type ListAccountsOutput struct {
 20270  	_ struct{} `type:"structure"`
 20271  
 20272  	// A list of objects in the organization.
 20273  	Accounts []*Account `type:"list"`
 20274  
 20275  	// If present, indicates that more output is available than is included in the
 20276  	// current response. Use this value in the NextToken request parameter in a
 20277  	// subsequent call to the operation to get the next part of the output. You
 20278  	// should repeat this until the NextToken response element comes back as null.
 20279  	NextToken *string `type:"string"`
 20280  }
 20281  
 20282  // String returns the string representation.
 20283  //
 20284  // API parameter values that are decorated as "sensitive" in the API will not
 20285  // be included in the string output. The member name will be present, but the
 20286  // value will be replaced with "sensitive".
 20287  func (s ListAccountsOutput) String() string {
 20288  	return awsutil.Prettify(s)
 20289  }
 20290  
 20291  // GoString returns the string representation.
 20292  //
 20293  // API parameter values that are decorated as "sensitive" in the API will not
 20294  // be included in the string output. The member name will be present, but the
 20295  // value will be replaced with "sensitive".
 20296  func (s ListAccountsOutput) GoString() string {
 20297  	return s.String()
 20298  }
 20299  
 20300  // SetAccounts sets the Accounts field's value.
 20301  func (s *ListAccountsOutput) SetAccounts(v []*Account) *ListAccountsOutput {
 20302  	s.Accounts = v
 20303  	return s
 20304  }
 20305  
 20306  // SetNextToken sets the NextToken field's value.
 20307  func (s *ListAccountsOutput) SetNextToken(v string) *ListAccountsOutput {
 20308  	s.NextToken = &v
 20309  	return s
 20310  }
 20311  
 20312  type ListChildrenInput struct {
 20313  	_ struct{} `type:"structure"`
 20314  
 20315  	// Filters the output to include only the specified child type.
 20316  	//
 20317  	// ChildType is a required field
 20318  	ChildType *string `type:"string" required:"true" enum:"ChildType"`
 20319  
 20320  	// The total number of results that you want included on each page of the response.
 20321  	// If you do not include this parameter, it defaults to a value that is specific
 20322  	// to the operation. If additional items exist beyond the maximum you specify,
 20323  	// the NextToken response element is present and has a value (is not null).
 20324  	// Include that value as the NextToken request parameter in the next call to
 20325  	// the operation to get the next part of the results. Note that Organizations
 20326  	// might return fewer results than the maximum even when there are more results
 20327  	// available. You should check NextToken after every operation to ensure that
 20328  	// you receive all of the results.
 20329  	MaxResults *int64 `min:"1" type:"integer"`
 20330  
 20331  	// The parameter for receiving additional results if you receive a NextToken
 20332  	// response in a previous request. A NextToken response indicates that more
 20333  	// output is available. Set this parameter to the value of the previous call's
 20334  	// NextToken response to indicate where the output should continue from.
 20335  	NextToken *string `type:"string"`
 20336  
 20337  	// The unique identifier (ID) for the parent root or OU whose children you want
 20338  	// to list.
 20339  	//
 20340  	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
 20341  	// requires one of the following:
 20342  	//
 20343  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 20344  	//    letters or digits.
 20345  	//
 20346  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 20347  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 20348  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 20349  	//    32 additional lowercase letters or digits.
 20350  	//
 20351  	// ParentId is a required field
 20352  	ParentId *string `type:"string" required:"true"`
 20353  }
 20354  
 20355  // String returns the string representation.
 20356  //
 20357  // API parameter values that are decorated as "sensitive" in the API will not
 20358  // be included in the string output. The member name will be present, but the
 20359  // value will be replaced with "sensitive".
 20360  func (s ListChildrenInput) String() string {
 20361  	return awsutil.Prettify(s)
 20362  }
 20363  
 20364  // GoString returns the string representation.
 20365  //
 20366  // API parameter values that are decorated as "sensitive" in the API will not
 20367  // be included in the string output. The member name will be present, but the
 20368  // value will be replaced with "sensitive".
 20369  func (s ListChildrenInput) GoString() string {
 20370  	return s.String()
 20371  }
 20372  
 20373  // Validate inspects the fields of the type to determine if they are valid.
 20374  func (s *ListChildrenInput) Validate() error {
 20375  	invalidParams := request.ErrInvalidParams{Context: "ListChildrenInput"}
 20376  	if s.ChildType == nil {
 20377  		invalidParams.Add(request.NewErrParamRequired("ChildType"))
 20378  	}
 20379  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20380  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20381  	}
 20382  	if s.ParentId == nil {
 20383  		invalidParams.Add(request.NewErrParamRequired("ParentId"))
 20384  	}
 20385  
 20386  	if invalidParams.Len() > 0 {
 20387  		return invalidParams
 20388  	}
 20389  	return nil
 20390  }
 20391  
 20392  // SetChildType sets the ChildType field's value.
 20393  func (s *ListChildrenInput) SetChildType(v string) *ListChildrenInput {
 20394  	s.ChildType = &v
 20395  	return s
 20396  }
 20397  
 20398  // SetMaxResults sets the MaxResults field's value.
 20399  func (s *ListChildrenInput) SetMaxResults(v int64) *ListChildrenInput {
 20400  	s.MaxResults = &v
 20401  	return s
 20402  }
 20403  
 20404  // SetNextToken sets the NextToken field's value.
 20405  func (s *ListChildrenInput) SetNextToken(v string) *ListChildrenInput {
 20406  	s.NextToken = &v
 20407  	return s
 20408  }
 20409  
 20410  // SetParentId sets the ParentId field's value.
 20411  func (s *ListChildrenInput) SetParentId(v string) *ListChildrenInput {
 20412  	s.ParentId = &v
 20413  	return s
 20414  }
 20415  
 20416  type ListChildrenOutput struct {
 20417  	_ struct{} `type:"structure"`
 20418  
 20419  	// The list of children of the specified parent container.
 20420  	Children []*Child `type:"list"`
 20421  
 20422  	// If present, indicates that more output is available than is included in the
 20423  	// current response. Use this value in the NextToken request parameter in a
 20424  	// subsequent call to the operation to get the next part of the output. You
 20425  	// should repeat this until the NextToken response element comes back as null.
 20426  	NextToken *string `type:"string"`
 20427  }
 20428  
 20429  // String returns the string representation.
 20430  //
 20431  // API parameter values that are decorated as "sensitive" in the API will not
 20432  // be included in the string output. The member name will be present, but the
 20433  // value will be replaced with "sensitive".
 20434  func (s ListChildrenOutput) String() string {
 20435  	return awsutil.Prettify(s)
 20436  }
 20437  
 20438  // GoString returns the string representation.
 20439  //
 20440  // API parameter values that are decorated as "sensitive" in the API will not
 20441  // be included in the string output. The member name will be present, but the
 20442  // value will be replaced with "sensitive".
 20443  func (s ListChildrenOutput) GoString() string {
 20444  	return s.String()
 20445  }
 20446  
 20447  // SetChildren sets the Children field's value.
 20448  func (s *ListChildrenOutput) SetChildren(v []*Child) *ListChildrenOutput {
 20449  	s.Children = v
 20450  	return s
 20451  }
 20452  
 20453  // SetNextToken sets the NextToken field's value.
 20454  func (s *ListChildrenOutput) SetNextToken(v string) *ListChildrenOutput {
 20455  	s.NextToken = &v
 20456  	return s
 20457  }
 20458  
 20459  type ListCreateAccountStatusInput struct {
 20460  	_ struct{} `type:"structure"`
 20461  
 20462  	// The total number of results that you want included on each page of the response.
 20463  	// If you do not include this parameter, it defaults to a value that is specific
 20464  	// to the operation. If additional items exist beyond the maximum you specify,
 20465  	// the NextToken response element is present and has a value (is not null).
 20466  	// Include that value as the NextToken request parameter in the next call to
 20467  	// the operation to get the next part of the results. Note that Organizations
 20468  	// might return fewer results than the maximum even when there are more results
 20469  	// available. You should check NextToken after every operation to ensure that
 20470  	// you receive all of the results.
 20471  	MaxResults *int64 `min:"1" type:"integer"`
 20472  
 20473  	// The parameter for receiving additional results if you receive a NextToken
 20474  	// response in a previous request. A NextToken response indicates that more
 20475  	// output is available. Set this parameter to the value of the previous call's
 20476  	// NextToken response to indicate where the output should continue from.
 20477  	NextToken *string `type:"string"`
 20478  
 20479  	// A list of one or more states that you want included in the response. If this
 20480  	// parameter isn't present, all requests are included in the response.
 20481  	States []*string `type:"list"`
 20482  }
 20483  
 20484  // String returns the string representation.
 20485  //
 20486  // API parameter values that are decorated as "sensitive" in the API will not
 20487  // be included in the string output. The member name will be present, but the
 20488  // value will be replaced with "sensitive".
 20489  func (s ListCreateAccountStatusInput) String() string {
 20490  	return awsutil.Prettify(s)
 20491  }
 20492  
 20493  // GoString returns the string representation.
 20494  //
 20495  // API parameter values that are decorated as "sensitive" in the API will not
 20496  // be included in the string output. The member name will be present, but the
 20497  // value will be replaced with "sensitive".
 20498  func (s ListCreateAccountStatusInput) GoString() string {
 20499  	return s.String()
 20500  }
 20501  
 20502  // Validate inspects the fields of the type to determine if they are valid.
 20503  func (s *ListCreateAccountStatusInput) Validate() error {
 20504  	invalidParams := request.ErrInvalidParams{Context: "ListCreateAccountStatusInput"}
 20505  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20506  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20507  	}
 20508  
 20509  	if invalidParams.Len() > 0 {
 20510  		return invalidParams
 20511  	}
 20512  	return nil
 20513  }
 20514  
 20515  // SetMaxResults sets the MaxResults field's value.
 20516  func (s *ListCreateAccountStatusInput) SetMaxResults(v int64) *ListCreateAccountStatusInput {
 20517  	s.MaxResults = &v
 20518  	return s
 20519  }
 20520  
 20521  // SetNextToken sets the NextToken field's value.
 20522  func (s *ListCreateAccountStatusInput) SetNextToken(v string) *ListCreateAccountStatusInput {
 20523  	s.NextToken = &v
 20524  	return s
 20525  }
 20526  
 20527  // SetStates sets the States field's value.
 20528  func (s *ListCreateAccountStatusInput) SetStates(v []*string) *ListCreateAccountStatusInput {
 20529  	s.States = v
 20530  	return s
 20531  }
 20532  
 20533  type ListCreateAccountStatusOutput struct {
 20534  	_ struct{} `type:"structure"`
 20535  
 20536  	// A list of objects with details about the requests. Certain elements, such
 20537  	// as the accountId number, are present in the output only after the account
 20538  	// has been successfully created.
 20539  	CreateAccountStatuses []*CreateAccountStatus `type:"list"`
 20540  
 20541  	// If present, indicates that more output is available than is included in the
 20542  	// current response. Use this value in the NextToken request parameter in a
 20543  	// subsequent call to the operation to get the next part of the output. You
 20544  	// should repeat this until the NextToken response element comes back as null.
 20545  	NextToken *string `type:"string"`
 20546  }
 20547  
 20548  // String returns the string representation.
 20549  //
 20550  // API parameter values that are decorated as "sensitive" in the API will not
 20551  // be included in the string output. The member name will be present, but the
 20552  // value will be replaced with "sensitive".
 20553  func (s ListCreateAccountStatusOutput) String() string {
 20554  	return awsutil.Prettify(s)
 20555  }
 20556  
 20557  // GoString returns the string representation.
 20558  //
 20559  // API parameter values that are decorated as "sensitive" in the API will not
 20560  // be included in the string output. The member name will be present, but the
 20561  // value will be replaced with "sensitive".
 20562  func (s ListCreateAccountStatusOutput) GoString() string {
 20563  	return s.String()
 20564  }
 20565  
 20566  // SetCreateAccountStatuses sets the CreateAccountStatuses field's value.
 20567  func (s *ListCreateAccountStatusOutput) SetCreateAccountStatuses(v []*CreateAccountStatus) *ListCreateAccountStatusOutput {
 20568  	s.CreateAccountStatuses = v
 20569  	return s
 20570  }
 20571  
 20572  // SetNextToken sets the NextToken field's value.
 20573  func (s *ListCreateAccountStatusOutput) SetNextToken(v string) *ListCreateAccountStatusOutput {
 20574  	s.NextToken = &v
 20575  	return s
 20576  }
 20577  
 20578  type ListDelegatedAdministratorsInput struct {
 20579  	_ struct{} `type:"structure"`
 20580  
 20581  	// The total number of results that you want included on each page of the response.
 20582  	// If you do not include this parameter, it defaults to a value that is specific
 20583  	// to the operation. If additional items exist beyond the maximum you specify,
 20584  	// the NextToken response element is present and has a value (is not null).
 20585  	// Include that value as the NextToken request parameter in the next call to
 20586  	// the operation to get the next part of the results. Note that Organizations
 20587  	// might return fewer results than the maximum even when there are more results
 20588  	// available. You should check NextToken after every operation to ensure that
 20589  	// you receive all of the results.
 20590  	MaxResults *int64 `min:"1" type:"integer"`
 20591  
 20592  	// The parameter for receiving additional results if you receive a NextToken
 20593  	// response in a previous request. A NextToken response indicates that more
 20594  	// output is available. Set this parameter to the value of the previous call's
 20595  	// NextToken response to indicate where the output should continue from.
 20596  	NextToken *string `type:"string"`
 20597  
 20598  	// Specifies a service principal name. If specified, then the operation lists
 20599  	// the delegated administrators only for the specified service.
 20600  	//
 20601  	// If you don't specify a service principal, the operation lists all delegated
 20602  	// administrators for all services in your organization.
 20603  	ServicePrincipal *string `min:"1" type:"string"`
 20604  }
 20605  
 20606  // String returns the string representation.
 20607  //
 20608  // API parameter values that are decorated as "sensitive" in the API will not
 20609  // be included in the string output. The member name will be present, but the
 20610  // value will be replaced with "sensitive".
 20611  func (s ListDelegatedAdministratorsInput) String() string {
 20612  	return awsutil.Prettify(s)
 20613  }
 20614  
 20615  // GoString returns the string representation.
 20616  //
 20617  // API parameter values that are decorated as "sensitive" in the API will not
 20618  // be included in the string output. The member name will be present, but the
 20619  // value will be replaced with "sensitive".
 20620  func (s ListDelegatedAdministratorsInput) GoString() string {
 20621  	return s.String()
 20622  }
 20623  
 20624  // Validate inspects the fields of the type to determine if they are valid.
 20625  func (s *ListDelegatedAdministratorsInput) Validate() error {
 20626  	invalidParams := request.ErrInvalidParams{Context: "ListDelegatedAdministratorsInput"}
 20627  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20628  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20629  	}
 20630  	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
 20631  		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
 20632  	}
 20633  
 20634  	if invalidParams.Len() > 0 {
 20635  		return invalidParams
 20636  	}
 20637  	return nil
 20638  }
 20639  
 20640  // SetMaxResults sets the MaxResults field's value.
 20641  func (s *ListDelegatedAdministratorsInput) SetMaxResults(v int64) *ListDelegatedAdministratorsInput {
 20642  	s.MaxResults = &v
 20643  	return s
 20644  }
 20645  
 20646  // SetNextToken sets the NextToken field's value.
 20647  func (s *ListDelegatedAdministratorsInput) SetNextToken(v string) *ListDelegatedAdministratorsInput {
 20648  	s.NextToken = &v
 20649  	return s
 20650  }
 20651  
 20652  // SetServicePrincipal sets the ServicePrincipal field's value.
 20653  func (s *ListDelegatedAdministratorsInput) SetServicePrincipal(v string) *ListDelegatedAdministratorsInput {
 20654  	s.ServicePrincipal = &v
 20655  	return s
 20656  }
 20657  
 20658  type ListDelegatedAdministratorsOutput struct {
 20659  	_ struct{} `type:"structure"`
 20660  
 20661  	// The list of delegated administrators in your organization.
 20662  	DelegatedAdministrators []*DelegatedAdministrator `type:"list"`
 20663  
 20664  	// If present, indicates that more output is available than is included in the
 20665  	// current response. Use this value in the NextToken request parameter in a
 20666  	// subsequent call to the operation to get the next part of the output. You
 20667  	// should repeat this until the NextToken response element comes back as null.
 20668  	NextToken *string `type:"string"`
 20669  }
 20670  
 20671  // String returns the string representation.
 20672  //
 20673  // API parameter values that are decorated as "sensitive" in the API will not
 20674  // be included in the string output. The member name will be present, but the
 20675  // value will be replaced with "sensitive".
 20676  func (s ListDelegatedAdministratorsOutput) String() string {
 20677  	return awsutil.Prettify(s)
 20678  }
 20679  
 20680  // GoString returns the string representation.
 20681  //
 20682  // API parameter values that are decorated as "sensitive" in the API will not
 20683  // be included in the string output. The member name will be present, but the
 20684  // value will be replaced with "sensitive".
 20685  func (s ListDelegatedAdministratorsOutput) GoString() string {
 20686  	return s.String()
 20687  }
 20688  
 20689  // SetDelegatedAdministrators sets the DelegatedAdministrators field's value.
 20690  func (s *ListDelegatedAdministratorsOutput) SetDelegatedAdministrators(v []*DelegatedAdministrator) *ListDelegatedAdministratorsOutput {
 20691  	s.DelegatedAdministrators = v
 20692  	return s
 20693  }
 20694  
 20695  // SetNextToken sets the NextToken field's value.
 20696  func (s *ListDelegatedAdministratorsOutput) SetNextToken(v string) *ListDelegatedAdministratorsOutput {
 20697  	s.NextToken = &v
 20698  	return s
 20699  }
 20700  
 20701  type ListDelegatedServicesForAccountInput struct {
 20702  	_ struct{} `type:"structure"`
 20703  
 20704  	// The account ID number of a delegated administrator account in the organization.
 20705  	//
 20706  	// AccountId is a required field
 20707  	AccountId *string `type:"string" required:"true"`
 20708  
 20709  	// The total number of results that you want included on each page of the response.
 20710  	// If you do not include this parameter, it defaults to a value that is specific
 20711  	// to the operation. If additional items exist beyond the maximum you specify,
 20712  	// the NextToken response element is present and has a value (is not null).
 20713  	// Include that value as the NextToken request parameter in the next call to
 20714  	// the operation to get the next part of the results. Note that Organizations
 20715  	// might return fewer results than the maximum even when there are more results
 20716  	// available. You should check NextToken after every operation to ensure that
 20717  	// you receive all of the results.
 20718  	MaxResults *int64 `min:"1" type:"integer"`
 20719  
 20720  	// The parameter for receiving additional results if you receive a NextToken
 20721  	// response in a previous request. A NextToken response indicates that more
 20722  	// output is available. Set this parameter to the value of the previous call's
 20723  	// NextToken response to indicate where the output should continue from.
 20724  	NextToken *string `type:"string"`
 20725  }
 20726  
 20727  // String returns the string representation.
 20728  //
 20729  // API parameter values that are decorated as "sensitive" in the API will not
 20730  // be included in the string output. The member name will be present, but the
 20731  // value will be replaced with "sensitive".
 20732  func (s ListDelegatedServicesForAccountInput) String() string {
 20733  	return awsutil.Prettify(s)
 20734  }
 20735  
 20736  // GoString returns the string representation.
 20737  //
 20738  // API parameter values that are decorated as "sensitive" in the API will not
 20739  // be included in the string output. The member name will be present, but the
 20740  // value will be replaced with "sensitive".
 20741  func (s ListDelegatedServicesForAccountInput) GoString() string {
 20742  	return s.String()
 20743  }
 20744  
 20745  // Validate inspects the fields of the type to determine if they are valid.
 20746  func (s *ListDelegatedServicesForAccountInput) Validate() error {
 20747  	invalidParams := request.ErrInvalidParams{Context: "ListDelegatedServicesForAccountInput"}
 20748  	if s.AccountId == nil {
 20749  		invalidParams.Add(request.NewErrParamRequired("AccountId"))
 20750  	}
 20751  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20752  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20753  	}
 20754  
 20755  	if invalidParams.Len() > 0 {
 20756  		return invalidParams
 20757  	}
 20758  	return nil
 20759  }
 20760  
 20761  // SetAccountId sets the AccountId field's value.
 20762  func (s *ListDelegatedServicesForAccountInput) SetAccountId(v string) *ListDelegatedServicesForAccountInput {
 20763  	s.AccountId = &v
 20764  	return s
 20765  }
 20766  
 20767  // SetMaxResults sets the MaxResults field's value.
 20768  func (s *ListDelegatedServicesForAccountInput) SetMaxResults(v int64) *ListDelegatedServicesForAccountInput {
 20769  	s.MaxResults = &v
 20770  	return s
 20771  }
 20772  
 20773  // SetNextToken sets the NextToken field's value.
 20774  func (s *ListDelegatedServicesForAccountInput) SetNextToken(v string) *ListDelegatedServicesForAccountInput {
 20775  	s.NextToken = &v
 20776  	return s
 20777  }
 20778  
 20779  type ListDelegatedServicesForAccountOutput struct {
 20780  	_ struct{} `type:"structure"`
 20781  
 20782  	// The services for which the account is a delegated administrator.
 20783  	DelegatedServices []*DelegatedService `type:"list"`
 20784  
 20785  	// If present, indicates that more output is available than is included in the
 20786  	// current response. Use this value in the NextToken request parameter in a
 20787  	// subsequent call to the operation to get the next part of the output. You
 20788  	// should repeat this until the NextToken response element comes back as null.
 20789  	NextToken *string `type:"string"`
 20790  }
 20791  
 20792  // String returns the string representation.
 20793  //
 20794  // API parameter values that are decorated as "sensitive" in the API will not
 20795  // be included in the string output. The member name will be present, but the
 20796  // value will be replaced with "sensitive".
 20797  func (s ListDelegatedServicesForAccountOutput) String() string {
 20798  	return awsutil.Prettify(s)
 20799  }
 20800  
 20801  // GoString returns the string representation.
 20802  //
 20803  // API parameter values that are decorated as "sensitive" in the API will not
 20804  // be included in the string output. The member name will be present, but the
 20805  // value will be replaced with "sensitive".
 20806  func (s ListDelegatedServicesForAccountOutput) GoString() string {
 20807  	return s.String()
 20808  }
 20809  
 20810  // SetDelegatedServices sets the DelegatedServices field's value.
 20811  func (s *ListDelegatedServicesForAccountOutput) SetDelegatedServices(v []*DelegatedService) *ListDelegatedServicesForAccountOutput {
 20812  	s.DelegatedServices = v
 20813  	return s
 20814  }
 20815  
 20816  // SetNextToken sets the NextToken field's value.
 20817  func (s *ListDelegatedServicesForAccountOutput) SetNextToken(v string) *ListDelegatedServicesForAccountOutput {
 20818  	s.NextToken = &v
 20819  	return s
 20820  }
 20821  
 20822  type ListHandshakesForAccountInput struct {
 20823  	_ struct{} `type:"structure"`
 20824  
 20825  	// Filters the handshakes that you want included in the response. The default
 20826  	// is all types. Use the ActionType element to limit the output to only a specified
 20827  	// type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively,
 20828  	// for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake
 20829  	// for each member account, you can specify ParentHandshakeId to see only the
 20830  	// handshakes that were generated by that parent request.
 20831  	Filter *HandshakeFilter `type:"structure"`
 20832  
 20833  	// The total number of results that you want included on each page of the response.
 20834  	// If you do not include this parameter, it defaults to a value that is specific
 20835  	// to the operation. If additional items exist beyond the maximum you specify,
 20836  	// the NextToken response element is present and has a value (is not null).
 20837  	// Include that value as the NextToken request parameter in the next call to
 20838  	// the operation to get the next part of the results. Note that Organizations
 20839  	// might return fewer results than the maximum even when there are more results
 20840  	// available. You should check NextToken after every operation to ensure that
 20841  	// you receive all of the results.
 20842  	MaxResults *int64 `min:"1" type:"integer"`
 20843  
 20844  	// The parameter for receiving additional results if you receive a NextToken
 20845  	// response in a previous request. A NextToken response indicates that more
 20846  	// output is available. Set this parameter to the value of the previous call's
 20847  	// NextToken response to indicate where the output should continue from.
 20848  	NextToken *string `type:"string"`
 20849  }
 20850  
 20851  // String returns the string representation.
 20852  //
 20853  // API parameter values that are decorated as "sensitive" in the API will not
 20854  // be included in the string output. The member name will be present, but the
 20855  // value will be replaced with "sensitive".
 20856  func (s ListHandshakesForAccountInput) String() string {
 20857  	return awsutil.Prettify(s)
 20858  }
 20859  
 20860  // GoString returns the string representation.
 20861  //
 20862  // API parameter values that are decorated as "sensitive" in the API will not
 20863  // be included in the string output. The member name will be present, but the
 20864  // value will be replaced with "sensitive".
 20865  func (s ListHandshakesForAccountInput) GoString() string {
 20866  	return s.String()
 20867  }
 20868  
 20869  // Validate inspects the fields of the type to determine if they are valid.
 20870  func (s *ListHandshakesForAccountInput) Validate() error {
 20871  	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForAccountInput"}
 20872  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20873  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20874  	}
 20875  
 20876  	if invalidParams.Len() > 0 {
 20877  		return invalidParams
 20878  	}
 20879  	return nil
 20880  }
 20881  
 20882  // SetFilter sets the Filter field's value.
 20883  func (s *ListHandshakesForAccountInput) SetFilter(v *HandshakeFilter) *ListHandshakesForAccountInput {
 20884  	s.Filter = v
 20885  	return s
 20886  }
 20887  
 20888  // SetMaxResults sets the MaxResults field's value.
 20889  func (s *ListHandshakesForAccountInput) SetMaxResults(v int64) *ListHandshakesForAccountInput {
 20890  	s.MaxResults = &v
 20891  	return s
 20892  }
 20893  
 20894  // SetNextToken sets the NextToken field's value.
 20895  func (s *ListHandshakesForAccountInput) SetNextToken(v string) *ListHandshakesForAccountInput {
 20896  	s.NextToken = &v
 20897  	return s
 20898  }
 20899  
 20900  type ListHandshakesForAccountOutput struct {
 20901  	_ struct{} `type:"structure"`
 20902  
 20903  	// A list of Handshake objects with details about each of the handshakes that
 20904  	// is associated with the specified account.
 20905  	Handshakes []*Handshake `type:"list"`
 20906  
 20907  	// If present, indicates that more output is available than is included in the
 20908  	// current response. Use this value in the NextToken request parameter in a
 20909  	// subsequent call to the operation to get the next part of the output. You
 20910  	// should repeat this until the NextToken response element comes back as null.
 20911  	NextToken *string `type:"string"`
 20912  }
 20913  
 20914  // String returns the string representation.
 20915  //
 20916  // API parameter values that are decorated as "sensitive" in the API will not
 20917  // be included in the string output. The member name will be present, but the
 20918  // value will be replaced with "sensitive".
 20919  func (s ListHandshakesForAccountOutput) String() string {
 20920  	return awsutil.Prettify(s)
 20921  }
 20922  
 20923  // GoString returns the string representation.
 20924  //
 20925  // API parameter values that are decorated as "sensitive" in the API will not
 20926  // be included in the string output. The member name will be present, but the
 20927  // value will be replaced with "sensitive".
 20928  func (s ListHandshakesForAccountOutput) GoString() string {
 20929  	return s.String()
 20930  }
 20931  
 20932  // SetHandshakes sets the Handshakes field's value.
 20933  func (s *ListHandshakesForAccountOutput) SetHandshakes(v []*Handshake) *ListHandshakesForAccountOutput {
 20934  	s.Handshakes = v
 20935  	return s
 20936  }
 20937  
 20938  // SetNextToken sets the NextToken field's value.
 20939  func (s *ListHandshakesForAccountOutput) SetNextToken(v string) *ListHandshakesForAccountOutput {
 20940  	s.NextToken = &v
 20941  	return s
 20942  }
 20943  
 20944  type ListHandshakesForOrganizationInput struct {
 20945  	_ struct{} `type:"structure"`
 20946  
 20947  	// A filter of the handshakes that you want included in the response. The default
 20948  	// is all types. Use the ActionType element to limit the output to only a specified
 20949  	// type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively,
 20950  	// for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake
 20951  	// for each member account, you can specify the ParentHandshakeId to see only
 20952  	// the handshakes that were generated by that parent request.
 20953  	Filter *HandshakeFilter `type:"structure"`
 20954  
 20955  	// The total number of results that you want included on each page of the response.
 20956  	// If you do not include this parameter, it defaults to a value that is specific
 20957  	// to the operation. If additional items exist beyond the maximum you specify,
 20958  	// the NextToken response element is present and has a value (is not null).
 20959  	// Include that value as the NextToken request parameter in the next call to
 20960  	// the operation to get the next part of the results. Note that Organizations
 20961  	// might return fewer results than the maximum even when there are more results
 20962  	// available. You should check NextToken after every operation to ensure that
 20963  	// you receive all of the results.
 20964  	MaxResults *int64 `min:"1" type:"integer"`
 20965  
 20966  	// The parameter for receiving additional results if you receive a NextToken
 20967  	// response in a previous request. A NextToken response indicates that more
 20968  	// output is available. Set this parameter to the value of the previous call's
 20969  	// NextToken response to indicate where the output should continue from.
 20970  	NextToken *string `type:"string"`
 20971  }
 20972  
 20973  // String returns the string representation.
 20974  //
 20975  // API parameter values that are decorated as "sensitive" in the API will not
 20976  // be included in the string output. The member name will be present, but the
 20977  // value will be replaced with "sensitive".
 20978  func (s ListHandshakesForOrganizationInput) String() string {
 20979  	return awsutil.Prettify(s)
 20980  }
 20981  
 20982  // GoString returns the string representation.
 20983  //
 20984  // API parameter values that are decorated as "sensitive" in the API will not
 20985  // be included in the string output. The member name will be present, but the
 20986  // value will be replaced with "sensitive".
 20987  func (s ListHandshakesForOrganizationInput) GoString() string {
 20988  	return s.String()
 20989  }
 20990  
 20991  // Validate inspects the fields of the type to determine if they are valid.
 20992  func (s *ListHandshakesForOrganizationInput) Validate() error {
 20993  	invalidParams := request.ErrInvalidParams{Context: "ListHandshakesForOrganizationInput"}
 20994  	if s.MaxResults != nil && *s.MaxResults < 1 {
 20995  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 20996  	}
 20997  
 20998  	if invalidParams.Len() > 0 {
 20999  		return invalidParams
 21000  	}
 21001  	return nil
 21002  }
 21003  
 21004  // SetFilter sets the Filter field's value.
 21005  func (s *ListHandshakesForOrganizationInput) SetFilter(v *HandshakeFilter) *ListHandshakesForOrganizationInput {
 21006  	s.Filter = v
 21007  	return s
 21008  }
 21009  
 21010  // SetMaxResults sets the MaxResults field's value.
 21011  func (s *ListHandshakesForOrganizationInput) SetMaxResults(v int64) *ListHandshakesForOrganizationInput {
 21012  	s.MaxResults = &v
 21013  	return s
 21014  }
 21015  
 21016  // SetNextToken sets the NextToken field's value.
 21017  func (s *ListHandshakesForOrganizationInput) SetNextToken(v string) *ListHandshakesForOrganizationInput {
 21018  	s.NextToken = &v
 21019  	return s
 21020  }
 21021  
 21022  type ListHandshakesForOrganizationOutput struct {
 21023  	_ struct{} `type:"structure"`
 21024  
 21025  	// A list of Handshake objects with details about each of the handshakes that
 21026  	// are associated with an organization.
 21027  	Handshakes []*Handshake `type:"list"`
 21028  
 21029  	// If present, indicates that more output is available than is included in the
 21030  	// current response. Use this value in the NextToken request parameter in a
 21031  	// subsequent call to the operation to get the next part of the output. You
 21032  	// should repeat this until the NextToken response element comes back as null.
 21033  	NextToken *string `type:"string"`
 21034  }
 21035  
 21036  // String returns the string representation.
 21037  //
 21038  // API parameter values that are decorated as "sensitive" in the API will not
 21039  // be included in the string output. The member name will be present, but the
 21040  // value will be replaced with "sensitive".
 21041  func (s ListHandshakesForOrganizationOutput) String() string {
 21042  	return awsutil.Prettify(s)
 21043  }
 21044  
 21045  // GoString returns the string representation.
 21046  //
 21047  // API parameter values that are decorated as "sensitive" in the API will not
 21048  // be included in the string output. The member name will be present, but the
 21049  // value will be replaced with "sensitive".
 21050  func (s ListHandshakesForOrganizationOutput) GoString() string {
 21051  	return s.String()
 21052  }
 21053  
 21054  // SetHandshakes sets the Handshakes field's value.
 21055  func (s *ListHandshakesForOrganizationOutput) SetHandshakes(v []*Handshake) *ListHandshakesForOrganizationOutput {
 21056  	s.Handshakes = v
 21057  	return s
 21058  }
 21059  
 21060  // SetNextToken sets the NextToken field's value.
 21061  func (s *ListHandshakesForOrganizationOutput) SetNextToken(v string) *ListHandshakesForOrganizationOutput {
 21062  	s.NextToken = &v
 21063  	return s
 21064  }
 21065  
 21066  type ListOrganizationalUnitsForParentInput struct {
 21067  	_ struct{} `type:"structure"`
 21068  
 21069  	// The total number of results that you want included on each page of the response.
 21070  	// If you do not include this parameter, it defaults to a value that is specific
 21071  	// to the operation. If additional items exist beyond the maximum you specify,
 21072  	// the NextToken response element is present and has a value (is not null).
 21073  	// Include that value as the NextToken request parameter in the next call to
 21074  	// the operation to get the next part of the results. Note that Organizations
 21075  	// might return fewer results than the maximum even when there are more results
 21076  	// available. You should check NextToken after every operation to ensure that
 21077  	// you receive all of the results.
 21078  	MaxResults *int64 `min:"1" type:"integer"`
 21079  
 21080  	// The parameter for receiving additional results if you receive a NextToken
 21081  	// response in a previous request. A NextToken response indicates that more
 21082  	// output is available. Set this parameter to the value of the previous call's
 21083  	// NextToken response to indicate where the output should continue from.
 21084  	NextToken *string `type:"string"`
 21085  
 21086  	// The unique identifier (ID) of the root or OU whose child OUs you want to
 21087  	// list.
 21088  	//
 21089  	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
 21090  	// requires one of the following:
 21091  	//
 21092  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 21093  	//    letters or digits.
 21094  	//
 21095  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 21096  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 21097  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 21098  	//    32 additional lowercase letters or digits.
 21099  	//
 21100  	// ParentId is a required field
 21101  	ParentId *string `type:"string" required:"true"`
 21102  }
 21103  
 21104  // String returns the string representation.
 21105  //
 21106  // API parameter values that are decorated as "sensitive" in the API will not
 21107  // be included in the string output. The member name will be present, but the
 21108  // value will be replaced with "sensitive".
 21109  func (s ListOrganizationalUnitsForParentInput) String() string {
 21110  	return awsutil.Prettify(s)
 21111  }
 21112  
 21113  // GoString returns the string representation.
 21114  //
 21115  // API parameter values that are decorated as "sensitive" in the API will not
 21116  // be included in the string output. The member name will be present, but the
 21117  // value will be replaced with "sensitive".
 21118  func (s ListOrganizationalUnitsForParentInput) GoString() string {
 21119  	return s.String()
 21120  }
 21121  
 21122  // Validate inspects the fields of the type to determine if they are valid.
 21123  func (s *ListOrganizationalUnitsForParentInput) Validate() error {
 21124  	invalidParams := request.ErrInvalidParams{Context: "ListOrganizationalUnitsForParentInput"}
 21125  	if s.MaxResults != nil && *s.MaxResults < 1 {
 21126  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 21127  	}
 21128  	if s.ParentId == nil {
 21129  		invalidParams.Add(request.NewErrParamRequired("ParentId"))
 21130  	}
 21131  
 21132  	if invalidParams.Len() > 0 {
 21133  		return invalidParams
 21134  	}
 21135  	return nil
 21136  }
 21137  
 21138  // SetMaxResults sets the MaxResults field's value.
 21139  func (s *ListOrganizationalUnitsForParentInput) SetMaxResults(v int64) *ListOrganizationalUnitsForParentInput {
 21140  	s.MaxResults = &v
 21141  	return s
 21142  }
 21143  
 21144  // SetNextToken sets the NextToken field's value.
 21145  func (s *ListOrganizationalUnitsForParentInput) SetNextToken(v string) *ListOrganizationalUnitsForParentInput {
 21146  	s.NextToken = &v
 21147  	return s
 21148  }
 21149  
 21150  // SetParentId sets the ParentId field's value.
 21151  func (s *ListOrganizationalUnitsForParentInput) SetParentId(v string) *ListOrganizationalUnitsForParentInput {
 21152  	s.ParentId = &v
 21153  	return s
 21154  }
 21155  
 21156  type ListOrganizationalUnitsForParentOutput struct {
 21157  	_ struct{} `type:"structure"`
 21158  
 21159  	// If present, indicates that more output is available than is included in the
 21160  	// current response. Use this value in the NextToken request parameter in a
 21161  	// subsequent call to the operation to get the next part of the output. You
 21162  	// should repeat this until the NextToken response element comes back as null.
 21163  	NextToken *string `type:"string"`
 21164  
 21165  	// A list of the OUs in the specified root or parent OU.
 21166  	OrganizationalUnits []*OrganizationalUnit `type:"list"`
 21167  }
 21168  
 21169  // String returns the string representation.
 21170  //
 21171  // API parameter values that are decorated as "sensitive" in the API will not
 21172  // be included in the string output. The member name will be present, but the
 21173  // value will be replaced with "sensitive".
 21174  func (s ListOrganizationalUnitsForParentOutput) String() string {
 21175  	return awsutil.Prettify(s)
 21176  }
 21177  
 21178  // GoString returns the string representation.
 21179  //
 21180  // API parameter values that are decorated as "sensitive" in the API will not
 21181  // be included in the string output. The member name will be present, but the
 21182  // value will be replaced with "sensitive".
 21183  func (s ListOrganizationalUnitsForParentOutput) GoString() string {
 21184  	return s.String()
 21185  }
 21186  
 21187  // SetNextToken sets the NextToken field's value.
 21188  func (s *ListOrganizationalUnitsForParentOutput) SetNextToken(v string) *ListOrganizationalUnitsForParentOutput {
 21189  	s.NextToken = &v
 21190  	return s
 21191  }
 21192  
 21193  // SetOrganizationalUnits sets the OrganizationalUnits field's value.
 21194  func (s *ListOrganizationalUnitsForParentOutput) SetOrganizationalUnits(v []*OrganizationalUnit) *ListOrganizationalUnitsForParentOutput {
 21195  	s.OrganizationalUnits = v
 21196  	return s
 21197  }
 21198  
 21199  type ListParentsInput struct {
 21200  	_ struct{} `type:"structure"`
 21201  
 21202  	// The unique identifier (ID) of the OU or account whose parent containers you
 21203  	// want to list. Don't specify a root.
 21204  	//
 21205  	// The regex pattern (http://wikipedia.org/wiki/regex) for a child ID string
 21206  	// requires one of the following:
 21207  	//
 21208  	//    * Account - A string that consists of exactly 12 digits.
 21209  	//
 21210  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 21211  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that contains
 21212  	//    the OU). This string is followed by a second "-" dash and from 8 to 32
 21213  	//    additional lowercase letters or digits.
 21214  	//
 21215  	// ChildId is a required field
 21216  	ChildId *string `type:"string" required:"true"`
 21217  
 21218  	// The total number of results that you want included on each page of the response.
 21219  	// If you do not include this parameter, it defaults to a value that is specific
 21220  	// to the operation. If additional items exist beyond the maximum you specify,
 21221  	// the NextToken response element is present and has a value (is not null).
 21222  	// Include that value as the NextToken request parameter in the next call to
 21223  	// the operation to get the next part of the results. Note that Organizations
 21224  	// might return fewer results than the maximum even when there are more results
 21225  	// available. You should check NextToken after every operation to ensure that
 21226  	// you receive all of the results.
 21227  	MaxResults *int64 `min:"1" type:"integer"`
 21228  
 21229  	// The parameter for receiving additional results if you receive a NextToken
 21230  	// response in a previous request. A NextToken response indicates that more
 21231  	// output is available. Set this parameter to the value of the previous call's
 21232  	// NextToken response to indicate where the output should continue from.
 21233  	NextToken *string `type:"string"`
 21234  }
 21235  
 21236  // String returns the string representation.
 21237  //
 21238  // API parameter values that are decorated as "sensitive" in the API will not
 21239  // be included in the string output. The member name will be present, but the
 21240  // value will be replaced with "sensitive".
 21241  func (s ListParentsInput) String() string {
 21242  	return awsutil.Prettify(s)
 21243  }
 21244  
 21245  // GoString returns the string representation.
 21246  //
 21247  // API parameter values that are decorated as "sensitive" in the API will not
 21248  // be included in the string output. The member name will be present, but the
 21249  // value will be replaced with "sensitive".
 21250  func (s ListParentsInput) GoString() string {
 21251  	return s.String()
 21252  }
 21253  
 21254  // Validate inspects the fields of the type to determine if they are valid.
 21255  func (s *ListParentsInput) Validate() error {
 21256  	invalidParams := request.ErrInvalidParams{Context: "ListParentsInput"}
 21257  	if s.ChildId == nil {
 21258  		invalidParams.Add(request.NewErrParamRequired("ChildId"))
 21259  	}
 21260  	if s.MaxResults != nil && *s.MaxResults < 1 {
 21261  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 21262  	}
 21263  
 21264  	if invalidParams.Len() > 0 {
 21265  		return invalidParams
 21266  	}
 21267  	return nil
 21268  }
 21269  
 21270  // SetChildId sets the ChildId field's value.
 21271  func (s *ListParentsInput) SetChildId(v string) *ListParentsInput {
 21272  	s.ChildId = &v
 21273  	return s
 21274  }
 21275  
 21276  // SetMaxResults sets the MaxResults field's value.
 21277  func (s *ListParentsInput) SetMaxResults(v int64) *ListParentsInput {
 21278  	s.MaxResults = &v
 21279  	return s
 21280  }
 21281  
 21282  // SetNextToken sets the NextToken field's value.
 21283  func (s *ListParentsInput) SetNextToken(v string) *ListParentsInput {
 21284  	s.NextToken = &v
 21285  	return s
 21286  }
 21287  
 21288  type ListParentsOutput struct {
 21289  	_ struct{} `type:"structure"`
 21290  
 21291  	// If present, indicates that more output is available than is included in the
 21292  	// current response. Use this value in the NextToken request parameter in a
 21293  	// subsequent call to the operation to get the next part of the output. You
 21294  	// should repeat this until the NextToken response element comes back as null.
 21295  	NextToken *string `type:"string"`
 21296  
 21297  	// A list of parents for the specified child account or OU.
 21298  	Parents []*Parent `type:"list"`
 21299  }
 21300  
 21301  // String returns the string representation.
 21302  //
 21303  // API parameter values that are decorated as "sensitive" in the API will not
 21304  // be included in the string output. The member name will be present, but the
 21305  // value will be replaced with "sensitive".
 21306  func (s ListParentsOutput) String() string {
 21307  	return awsutil.Prettify(s)
 21308  }
 21309  
 21310  // GoString returns the string representation.
 21311  //
 21312  // API parameter values that are decorated as "sensitive" in the API will not
 21313  // be included in the string output. The member name will be present, but the
 21314  // value will be replaced with "sensitive".
 21315  func (s ListParentsOutput) GoString() string {
 21316  	return s.String()
 21317  }
 21318  
 21319  // SetNextToken sets the NextToken field's value.
 21320  func (s *ListParentsOutput) SetNextToken(v string) *ListParentsOutput {
 21321  	s.NextToken = &v
 21322  	return s
 21323  }
 21324  
 21325  // SetParents sets the Parents field's value.
 21326  func (s *ListParentsOutput) SetParents(v []*Parent) *ListParentsOutput {
 21327  	s.Parents = v
 21328  	return s
 21329  }
 21330  
 21331  type ListPoliciesForTargetInput struct {
 21332  	_ struct{} `type:"structure"`
 21333  
 21334  	// The type of policy that you want to include in the returned list. You must
 21335  	// specify one of the following values:
 21336  	//
 21337  	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
 21338  	//
 21339  	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
 21340  	//
 21341  	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
 21342  	//
 21343  	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
 21344  	//
 21345  	// Filter is a required field
 21346  	Filter *string `type:"string" required:"true" enum:"PolicyType"`
 21347  
 21348  	// The total number of results that you want included on each page of the response.
 21349  	// If you do not include this parameter, it defaults to a value that is specific
 21350  	// to the operation. If additional items exist beyond the maximum you specify,
 21351  	// the NextToken response element is present and has a value (is not null).
 21352  	// Include that value as the NextToken request parameter in the next call to
 21353  	// the operation to get the next part of the results. Note that Organizations
 21354  	// might return fewer results than the maximum even when there are more results
 21355  	// available. You should check NextToken after every operation to ensure that
 21356  	// you receive all of the results.
 21357  	MaxResults *int64 `min:"1" type:"integer"`
 21358  
 21359  	// The parameter for receiving additional results if you receive a NextToken
 21360  	// response in a previous request. A NextToken response indicates that more
 21361  	// output is available. Set this parameter to the value of the previous call's
 21362  	// NextToken response to indicate where the output should continue from.
 21363  	NextToken *string `type:"string"`
 21364  
 21365  	// The unique identifier (ID) of the root, organizational unit, or account whose
 21366  	// policies you want to list.
 21367  	//
 21368  	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
 21369  	// requires one of the following:
 21370  	//
 21371  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 21372  	//    letters or digits.
 21373  	//
 21374  	//    * Account - A string that consists of exactly 12 digits.
 21375  	//
 21376  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 21377  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 21378  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 21379  	//    32 additional lowercase letters or digits.
 21380  	//
 21381  	// TargetId is a required field
 21382  	TargetId *string `type:"string" required:"true"`
 21383  }
 21384  
 21385  // String returns the string representation.
 21386  //
 21387  // API parameter values that are decorated as "sensitive" in the API will not
 21388  // be included in the string output. The member name will be present, but the
 21389  // value will be replaced with "sensitive".
 21390  func (s ListPoliciesForTargetInput) String() string {
 21391  	return awsutil.Prettify(s)
 21392  }
 21393  
 21394  // GoString returns the string representation.
 21395  //
 21396  // API parameter values that are decorated as "sensitive" in the API will not
 21397  // be included in the string output. The member name will be present, but the
 21398  // value will be replaced with "sensitive".
 21399  func (s ListPoliciesForTargetInput) GoString() string {
 21400  	return s.String()
 21401  }
 21402  
 21403  // Validate inspects the fields of the type to determine if they are valid.
 21404  func (s *ListPoliciesForTargetInput) Validate() error {
 21405  	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesForTargetInput"}
 21406  	if s.Filter == nil {
 21407  		invalidParams.Add(request.NewErrParamRequired("Filter"))
 21408  	}
 21409  	if s.MaxResults != nil && *s.MaxResults < 1 {
 21410  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 21411  	}
 21412  	if s.TargetId == nil {
 21413  		invalidParams.Add(request.NewErrParamRequired("TargetId"))
 21414  	}
 21415  
 21416  	if invalidParams.Len() > 0 {
 21417  		return invalidParams
 21418  	}
 21419  	return nil
 21420  }
 21421  
 21422  // SetFilter sets the Filter field's value.
 21423  func (s *ListPoliciesForTargetInput) SetFilter(v string) *ListPoliciesForTargetInput {
 21424  	s.Filter = &v
 21425  	return s
 21426  }
 21427  
 21428  // SetMaxResults sets the MaxResults field's value.
 21429  func (s *ListPoliciesForTargetInput) SetMaxResults(v int64) *ListPoliciesForTargetInput {
 21430  	s.MaxResults = &v
 21431  	return s
 21432  }
 21433  
 21434  // SetNextToken sets the NextToken field's value.
 21435  func (s *ListPoliciesForTargetInput) SetNextToken(v string) *ListPoliciesForTargetInput {
 21436  	s.NextToken = &v
 21437  	return s
 21438  }
 21439  
 21440  // SetTargetId sets the TargetId field's value.
 21441  func (s *ListPoliciesForTargetInput) SetTargetId(v string) *ListPoliciesForTargetInput {
 21442  	s.TargetId = &v
 21443  	return s
 21444  }
 21445  
 21446  type ListPoliciesForTargetOutput struct {
 21447  	_ struct{} `type:"structure"`
 21448  
 21449  	// If present, indicates that more output is available than is included in the
 21450  	// current response. Use this value in the NextToken request parameter in a
 21451  	// subsequent call to the operation to get the next part of the output. You
 21452  	// should repeat this until the NextToken response element comes back as null.
 21453  	NextToken *string `type:"string"`
 21454  
 21455  	// The list of policies that match the criteria in the request.
 21456  	Policies []*PolicySummary `type:"list"`
 21457  }
 21458  
 21459  // String returns the string representation.
 21460  //
 21461  // API parameter values that are decorated as "sensitive" in the API will not
 21462  // be included in the string output. The member name will be present, but the
 21463  // value will be replaced with "sensitive".
 21464  func (s ListPoliciesForTargetOutput) String() string {
 21465  	return awsutil.Prettify(s)
 21466  }
 21467  
 21468  // GoString returns the string representation.
 21469  //
 21470  // API parameter values that are decorated as "sensitive" in the API will not
 21471  // be included in the string output. The member name will be present, but the
 21472  // value will be replaced with "sensitive".
 21473  func (s ListPoliciesForTargetOutput) GoString() string {
 21474  	return s.String()
 21475  }
 21476  
 21477  // SetNextToken sets the NextToken field's value.
 21478  func (s *ListPoliciesForTargetOutput) SetNextToken(v string) *ListPoliciesForTargetOutput {
 21479  	s.NextToken = &v
 21480  	return s
 21481  }
 21482  
 21483  // SetPolicies sets the Policies field's value.
 21484  func (s *ListPoliciesForTargetOutput) SetPolicies(v []*PolicySummary) *ListPoliciesForTargetOutput {
 21485  	s.Policies = v
 21486  	return s
 21487  }
 21488  
 21489  type ListPoliciesInput struct {
 21490  	_ struct{} `type:"structure"`
 21491  
 21492  	// Specifies the type of policy that you want to include in the response. You
 21493  	// must specify one of the following values:
 21494  	//
 21495  	//    * AISERVICES_OPT_OUT_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_ai-opt-out.html)
 21496  	//
 21497  	//    * BACKUP_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_backup.html)
 21498  	//
 21499  	//    * SERVICE_CONTROL_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html)
 21500  	//
 21501  	//    * TAG_POLICY (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_tag-policies.html)
 21502  	//
 21503  	// Filter is a required field
 21504  	Filter *string `type:"string" required:"true" enum:"PolicyType"`
 21505  
 21506  	// The total number of results that you want included on each page of the response.
 21507  	// If you do not include this parameter, it defaults to a value that is specific
 21508  	// to the operation. If additional items exist beyond the maximum you specify,
 21509  	// the NextToken response element is present and has a value (is not null).
 21510  	// Include that value as the NextToken request parameter in the next call to
 21511  	// the operation to get the next part of the results. Note that Organizations
 21512  	// might return fewer results than the maximum even when there are more results
 21513  	// available. You should check NextToken after every operation to ensure that
 21514  	// you receive all of the results.
 21515  	MaxResults *int64 `min:"1" type:"integer"`
 21516  
 21517  	// The parameter for receiving additional results if you receive a NextToken
 21518  	// response in a previous request. A NextToken response indicates that more
 21519  	// output is available. Set this parameter to the value of the previous call's
 21520  	// NextToken response to indicate where the output should continue from.
 21521  	NextToken *string `type:"string"`
 21522  }
 21523  
 21524  // String returns the string representation.
 21525  //
 21526  // API parameter values that are decorated as "sensitive" in the API will not
 21527  // be included in the string output. The member name will be present, but the
 21528  // value will be replaced with "sensitive".
 21529  func (s ListPoliciesInput) String() string {
 21530  	return awsutil.Prettify(s)
 21531  }
 21532  
 21533  // GoString returns the string representation.
 21534  //
 21535  // API parameter values that are decorated as "sensitive" in the API will not
 21536  // be included in the string output. The member name will be present, but the
 21537  // value will be replaced with "sensitive".
 21538  func (s ListPoliciesInput) GoString() string {
 21539  	return s.String()
 21540  }
 21541  
 21542  // Validate inspects the fields of the type to determine if they are valid.
 21543  func (s *ListPoliciesInput) Validate() error {
 21544  	invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"}
 21545  	if s.Filter == nil {
 21546  		invalidParams.Add(request.NewErrParamRequired("Filter"))
 21547  	}
 21548  	if s.MaxResults != nil && *s.MaxResults < 1 {
 21549  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 21550  	}
 21551  
 21552  	if invalidParams.Len() > 0 {
 21553  		return invalidParams
 21554  	}
 21555  	return nil
 21556  }
 21557  
 21558  // SetFilter sets the Filter field's value.
 21559  func (s *ListPoliciesInput) SetFilter(v string) *ListPoliciesInput {
 21560  	s.Filter = &v
 21561  	return s
 21562  }
 21563  
 21564  // SetMaxResults sets the MaxResults field's value.
 21565  func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput {
 21566  	s.MaxResults = &v
 21567  	return s
 21568  }
 21569  
 21570  // SetNextToken sets the NextToken field's value.
 21571  func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput {
 21572  	s.NextToken = &v
 21573  	return s
 21574  }
 21575  
 21576  type ListPoliciesOutput struct {
 21577  	_ struct{} `type:"structure"`
 21578  
 21579  	// If present, indicates that more output is available than is included in the
 21580  	// current response. Use this value in the NextToken request parameter in a
 21581  	// subsequent call to the operation to get the next part of the output. You
 21582  	// should repeat this until the NextToken response element comes back as null.
 21583  	NextToken *string `type:"string"`
 21584  
 21585  	// A list of policies that match the filter criteria in the request. The output
 21586  	// list doesn't include the policy contents. To see the content for a policy,
 21587  	// see DescribePolicy.
 21588  	Policies []*PolicySummary `type:"list"`
 21589  }
 21590  
 21591  // String returns the string representation.
 21592  //
 21593  // API parameter values that are decorated as "sensitive" in the API will not
 21594  // be included in the string output. The member name will be present, but the
 21595  // value will be replaced with "sensitive".
 21596  func (s ListPoliciesOutput) String() string {
 21597  	return awsutil.Prettify(s)
 21598  }
 21599  
 21600  // GoString returns the string representation.
 21601  //
 21602  // API parameter values that are decorated as "sensitive" in the API will not
 21603  // be included in the string output. The member name will be present, but the
 21604  // value will be replaced with "sensitive".
 21605  func (s ListPoliciesOutput) GoString() string {
 21606  	return s.String()
 21607  }
 21608  
 21609  // SetNextToken sets the NextToken field's value.
 21610  func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput {
 21611  	s.NextToken = &v
 21612  	return s
 21613  }
 21614  
 21615  // SetPolicies sets the Policies field's value.
 21616  func (s *ListPoliciesOutput) SetPolicies(v []*PolicySummary) *ListPoliciesOutput {
 21617  	s.Policies = v
 21618  	return s
 21619  }
 21620  
 21621  type ListRootsInput struct {
 21622  	_ struct{} `type:"structure"`
 21623  
 21624  	// The total number of results that you want included on each page of the response.
 21625  	// If you do not include this parameter, it defaults to a value that is specific
 21626  	// to the operation. If additional items exist beyond the maximum you specify,
 21627  	// the NextToken response element is present and has a value (is not null).
 21628  	// Include that value as the NextToken request parameter in the next call to
 21629  	// the operation to get the next part of the results. Note that Organizations
 21630  	// might return fewer results than the maximum even when there are more results
 21631  	// available. You should check NextToken after every operation to ensure that
 21632  	// you receive all of the results.
 21633  	MaxResults *int64 `min:"1" type:"integer"`
 21634  
 21635  	// The parameter for receiving additional results if you receive a NextToken
 21636  	// response in a previous request. A NextToken response indicates that more
 21637  	// output is available. Set this parameter to the value of the previous call's
 21638  	// NextToken response to indicate where the output should continue from.
 21639  	NextToken *string `type:"string"`
 21640  }
 21641  
 21642  // String returns the string representation.
 21643  //
 21644  // API parameter values that are decorated as "sensitive" in the API will not
 21645  // be included in the string output. The member name will be present, but the
 21646  // value will be replaced with "sensitive".
 21647  func (s ListRootsInput) String() string {
 21648  	return awsutil.Prettify(s)
 21649  }
 21650  
 21651  // GoString returns the string representation.
 21652  //
 21653  // API parameter values that are decorated as "sensitive" in the API will not
 21654  // be included in the string output. The member name will be present, but the
 21655  // value will be replaced with "sensitive".
 21656  func (s ListRootsInput) GoString() string {
 21657  	return s.String()
 21658  }
 21659  
 21660  // Validate inspects the fields of the type to determine if they are valid.
 21661  func (s *ListRootsInput) Validate() error {
 21662  	invalidParams := request.ErrInvalidParams{Context: "ListRootsInput"}
 21663  	if s.MaxResults != nil && *s.MaxResults < 1 {
 21664  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 21665  	}
 21666  
 21667  	if invalidParams.Len() > 0 {
 21668  		return invalidParams
 21669  	}
 21670  	return nil
 21671  }
 21672  
 21673  // SetMaxResults sets the MaxResults field's value.
 21674  func (s *ListRootsInput) SetMaxResults(v int64) *ListRootsInput {
 21675  	s.MaxResults = &v
 21676  	return s
 21677  }
 21678  
 21679  // SetNextToken sets the NextToken field's value.
 21680  func (s *ListRootsInput) SetNextToken(v string) *ListRootsInput {
 21681  	s.NextToken = &v
 21682  	return s
 21683  }
 21684  
 21685  type ListRootsOutput struct {
 21686  	_ struct{} `type:"structure"`
 21687  
 21688  	// If present, indicates that more output is available than is included in the
 21689  	// current response. Use this value in the NextToken request parameter in a
 21690  	// subsequent call to the operation to get the next part of the output. You
 21691  	// should repeat this until the NextToken response element comes back as null.
 21692  	NextToken *string `type:"string"`
 21693  
 21694  	// A list of roots that are defined in an organization.
 21695  	Roots []*Root `type:"list"`
 21696  }
 21697  
 21698  // String returns the string representation.
 21699  //
 21700  // API parameter values that are decorated as "sensitive" in the API will not
 21701  // be included in the string output. The member name will be present, but the
 21702  // value will be replaced with "sensitive".
 21703  func (s ListRootsOutput) String() string {
 21704  	return awsutil.Prettify(s)
 21705  }
 21706  
 21707  // GoString returns the string representation.
 21708  //
 21709  // API parameter values that are decorated as "sensitive" in the API will not
 21710  // be included in the string output. The member name will be present, but the
 21711  // value will be replaced with "sensitive".
 21712  func (s ListRootsOutput) GoString() string {
 21713  	return s.String()
 21714  }
 21715  
 21716  // SetNextToken sets the NextToken field's value.
 21717  func (s *ListRootsOutput) SetNextToken(v string) *ListRootsOutput {
 21718  	s.NextToken = &v
 21719  	return s
 21720  }
 21721  
 21722  // SetRoots sets the Roots field's value.
 21723  func (s *ListRootsOutput) SetRoots(v []*Root) *ListRootsOutput {
 21724  	s.Roots = v
 21725  	return s
 21726  }
 21727  
 21728  type ListTagsForResourceInput struct {
 21729  	_ struct{} `type:"structure"`
 21730  
 21731  	// The parameter for receiving additional results if you receive a NextToken
 21732  	// response in a previous request. A NextToken response indicates that more
 21733  	// output is available. Set this parameter to the value of the previous call's
 21734  	// NextToken response to indicate where the output should continue from.
 21735  	NextToken *string `type:"string"`
 21736  
 21737  	// The ID of the resource with the tags to list.
 21738  	//
 21739  	// You can specify any of the following taggable resources.
 21740  	//
 21741  	//    * AWS account – specify the account ID number.
 21742  	//
 21743  	//    * Organizational unit – specify the OU ID that begins with ou- and looks
 21744  	//    similar to: ou-1a2b-34uvwxyz
 21745  	//
 21746  	//    * Root – specify the root ID that begins with r- and looks similar to:
 21747  	//    r-1a2b
 21748  	//
 21749  	//    * Policy – specify the policy ID that begins with p- andlooks similar
 21750  	//    to: p-12abcdefg3
 21751  	//
 21752  	// ResourceId is a required field
 21753  	ResourceId *string `type:"string" required:"true"`
 21754  }
 21755  
 21756  // String returns the string representation.
 21757  //
 21758  // API parameter values that are decorated as "sensitive" in the API will not
 21759  // be included in the string output. The member name will be present, but the
 21760  // value will be replaced with "sensitive".
 21761  func (s ListTagsForResourceInput) String() string {
 21762  	return awsutil.Prettify(s)
 21763  }
 21764  
 21765  // GoString returns the string representation.
 21766  //
 21767  // API parameter values that are decorated as "sensitive" in the API will not
 21768  // be included in the string output. The member name will be present, but the
 21769  // value will be replaced with "sensitive".
 21770  func (s ListTagsForResourceInput) GoString() string {
 21771  	return s.String()
 21772  }
 21773  
 21774  // Validate inspects the fields of the type to determine if they are valid.
 21775  func (s *ListTagsForResourceInput) Validate() error {
 21776  	invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
 21777  	if s.ResourceId == nil {
 21778  		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
 21779  	}
 21780  
 21781  	if invalidParams.Len() > 0 {
 21782  		return invalidParams
 21783  	}
 21784  	return nil
 21785  }
 21786  
 21787  // SetNextToken sets the NextToken field's value.
 21788  func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
 21789  	s.NextToken = &v
 21790  	return s
 21791  }
 21792  
 21793  // SetResourceId sets the ResourceId field's value.
 21794  func (s *ListTagsForResourceInput) SetResourceId(v string) *ListTagsForResourceInput {
 21795  	s.ResourceId = &v
 21796  	return s
 21797  }
 21798  
 21799  type ListTagsForResourceOutput struct {
 21800  	_ struct{} `type:"structure"`
 21801  
 21802  	// If present, indicates that more output is available than is included in the
 21803  	// current response. Use this value in the NextToken request parameter in a
 21804  	// subsequent call to the operation to get the next part of the output. You
 21805  	// should repeat this until the NextToken response element comes back as null.
 21806  	NextToken *string `type:"string"`
 21807  
 21808  	// The tags that are assigned to the resource.
 21809  	Tags []*Tag `type:"list"`
 21810  }
 21811  
 21812  // String returns the string representation.
 21813  //
 21814  // API parameter values that are decorated as "sensitive" in the API will not
 21815  // be included in the string output. The member name will be present, but the
 21816  // value will be replaced with "sensitive".
 21817  func (s ListTagsForResourceOutput) String() string {
 21818  	return awsutil.Prettify(s)
 21819  }
 21820  
 21821  // GoString returns the string representation.
 21822  //
 21823  // API parameter values that are decorated as "sensitive" in the API will not
 21824  // be included in the string output. The member name will be present, but the
 21825  // value will be replaced with "sensitive".
 21826  func (s ListTagsForResourceOutput) GoString() string {
 21827  	return s.String()
 21828  }
 21829  
 21830  // SetNextToken sets the NextToken field's value.
 21831  func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
 21832  	s.NextToken = &v
 21833  	return s
 21834  }
 21835  
 21836  // SetTags sets the Tags field's value.
 21837  func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
 21838  	s.Tags = v
 21839  	return s
 21840  }
 21841  
 21842  type ListTargetsForPolicyInput struct {
 21843  	_ struct{} `type:"structure"`
 21844  
 21845  	// The total number of results that you want included on each page of the response.
 21846  	// If you do not include this parameter, it defaults to a value that is specific
 21847  	// to the operation. If additional items exist beyond the maximum you specify,
 21848  	// the NextToken response element is present and has a value (is not null).
 21849  	// Include that value as the NextToken request parameter in the next call to
 21850  	// the operation to get the next part of the results. Note that Organizations
 21851  	// might return fewer results than the maximum even when there are more results
 21852  	// available. You should check NextToken after every operation to ensure that
 21853  	// you receive all of the results.
 21854  	MaxResults *int64 `min:"1" type:"integer"`
 21855  
 21856  	// The parameter for receiving additional results if you receive a NextToken
 21857  	// response in a previous request. A NextToken response indicates that more
 21858  	// output is available. Set this parameter to the value of the previous call's
 21859  	// NextToken response to indicate where the output should continue from.
 21860  	NextToken *string `type:"string"`
 21861  
 21862  	// The unique identifier (ID) of the policy whose attachments you want to know.
 21863  	//
 21864  	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
 21865  	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
 21866  	// or the underscore character (_).
 21867  	//
 21868  	// PolicyId is a required field
 21869  	PolicyId *string `type:"string" required:"true"`
 21870  }
 21871  
 21872  // String returns the string representation.
 21873  //
 21874  // API parameter values that are decorated as "sensitive" in the API will not
 21875  // be included in the string output. The member name will be present, but the
 21876  // value will be replaced with "sensitive".
 21877  func (s ListTargetsForPolicyInput) String() string {
 21878  	return awsutil.Prettify(s)
 21879  }
 21880  
 21881  // GoString returns the string representation.
 21882  //
 21883  // API parameter values that are decorated as "sensitive" in the API will not
 21884  // be included in the string output. The member name will be present, but the
 21885  // value will be replaced with "sensitive".
 21886  func (s ListTargetsForPolicyInput) GoString() string {
 21887  	return s.String()
 21888  }
 21889  
 21890  // Validate inspects the fields of the type to determine if they are valid.
 21891  func (s *ListTargetsForPolicyInput) Validate() error {
 21892  	invalidParams := request.ErrInvalidParams{Context: "ListTargetsForPolicyInput"}
 21893  	if s.MaxResults != nil && *s.MaxResults < 1 {
 21894  		invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
 21895  	}
 21896  	if s.PolicyId == nil {
 21897  		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
 21898  	}
 21899  
 21900  	if invalidParams.Len() > 0 {
 21901  		return invalidParams
 21902  	}
 21903  	return nil
 21904  }
 21905  
 21906  // SetMaxResults sets the MaxResults field's value.
 21907  func (s *ListTargetsForPolicyInput) SetMaxResults(v int64) *ListTargetsForPolicyInput {
 21908  	s.MaxResults = &v
 21909  	return s
 21910  }
 21911  
 21912  // SetNextToken sets the NextToken field's value.
 21913  func (s *ListTargetsForPolicyInput) SetNextToken(v string) *ListTargetsForPolicyInput {
 21914  	s.NextToken = &v
 21915  	return s
 21916  }
 21917  
 21918  // SetPolicyId sets the PolicyId field's value.
 21919  func (s *ListTargetsForPolicyInput) SetPolicyId(v string) *ListTargetsForPolicyInput {
 21920  	s.PolicyId = &v
 21921  	return s
 21922  }
 21923  
 21924  type ListTargetsForPolicyOutput struct {
 21925  	_ struct{} `type:"structure"`
 21926  
 21927  	// If present, indicates that more output is available than is included in the
 21928  	// current response. Use this value in the NextToken request parameter in a
 21929  	// subsequent call to the operation to get the next part of the output. You
 21930  	// should repeat this until the NextToken response element comes back as null.
 21931  	NextToken *string `type:"string"`
 21932  
 21933  	// A list of structures, each of which contains details about one of the entities
 21934  	// to which the specified policy is attached.
 21935  	Targets []*PolicyTargetSummary `type:"list"`
 21936  }
 21937  
 21938  // String returns the string representation.
 21939  //
 21940  // API parameter values that are decorated as "sensitive" in the API will not
 21941  // be included in the string output. The member name will be present, but the
 21942  // value will be replaced with "sensitive".
 21943  func (s ListTargetsForPolicyOutput) String() string {
 21944  	return awsutil.Prettify(s)
 21945  }
 21946  
 21947  // GoString returns the string representation.
 21948  //
 21949  // API parameter values that are decorated as "sensitive" in the API will not
 21950  // be included in the string output. The member name will be present, but the
 21951  // value will be replaced with "sensitive".
 21952  func (s ListTargetsForPolicyOutput) GoString() string {
 21953  	return s.String()
 21954  }
 21955  
 21956  // SetNextToken sets the NextToken field's value.
 21957  func (s *ListTargetsForPolicyOutput) SetNextToken(v string) *ListTargetsForPolicyOutput {
 21958  	s.NextToken = &v
 21959  	return s
 21960  }
 21961  
 21962  // SetTargets sets the Targets field's value.
 21963  func (s *ListTargetsForPolicyOutput) SetTargets(v []*PolicyTargetSummary) *ListTargetsForPolicyOutput {
 21964  	s.Targets = v
 21965  	return s
 21966  }
 21967  
 21968  // The provided policy document doesn't meet the requirements of the specified
 21969  // policy type. For example, the syntax might be incorrect. For details about
 21970  // service control policy syntax, see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
 21971  // in the AWS Organizations User Guide.
 21972  type MalformedPolicyDocumentException struct {
 21973  	_            struct{}                  `type:"structure"`
 21974  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 21975  
 21976  	Message_ *string `locationName:"Message" type:"string"`
 21977  }
 21978  
 21979  // String returns the string representation.
 21980  //
 21981  // API parameter values that are decorated as "sensitive" in the API will not
 21982  // be included in the string output. The member name will be present, but the
 21983  // value will be replaced with "sensitive".
 21984  func (s MalformedPolicyDocumentException) String() string {
 21985  	return awsutil.Prettify(s)
 21986  }
 21987  
 21988  // GoString returns the string representation.
 21989  //
 21990  // API parameter values that are decorated as "sensitive" in the API will not
 21991  // be included in the string output. The member name will be present, but the
 21992  // value will be replaced with "sensitive".
 21993  func (s MalformedPolicyDocumentException) GoString() string {
 21994  	return s.String()
 21995  }
 21996  
 21997  func newErrorMalformedPolicyDocumentException(v protocol.ResponseMetadata) error {
 21998  	return &MalformedPolicyDocumentException{
 21999  		RespMetadata: v,
 22000  	}
 22001  }
 22002  
 22003  // Code returns the exception type name.
 22004  func (s *MalformedPolicyDocumentException) Code() string {
 22005  	return "MalformedPolicyDocumentException"
 22006  }
 22007  
 22008  // Message returns the exception's message.
 22009  func (s *MalformedPolicyDocumentException) Message() string {
 22010  	if s.Message_ != nil {
 22011  		return *s.Message_
 22012  	}
 22013  	return ""
 22014  }
 22015  
 22016  // OrigErr always returns nil, satisfies awserr.Error interface.
 22017  func (s *MalformedPolicyDocumentException) OrigErr() error {
 22018  	return nil
 22019  }
 22020  
 22021  func (s *MalformedPolicyDocumentException) Error() string {
 22022  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22023  }
 22024  
 22025  // Status code returns the HTTP status code for the request's response error.
 22026  func (s *MalformedPolicyDocumentException) StatusCode() int {
 22027  	return s.RespMetadata.StatusCode
 22028  }
 22029  
 22030  // RequestID returns the service's response RequestID for request.
 22031  func (s *MalformedPolicyDocumentException) RequestID() string {
 22032  	return s.RespMetadata.RequestID
 22033  }
 22034  
 22035  // You can't remove a management account from an organization. If you want the
 22036  // management account to become a member account in another organization, you
 22037  // must first delete the current organization of the management account.
 22038  type MasterCannotLeaveOrganizationException struct {
 22039  	_            struct{}                  `type:"structure"`
 22040  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22041  
 22042  	Message_ *string `locationName:"Message" type:"string"`
 22043  }
 22044  
 22045  // String returns the string representation.
 22046  //
 22047  // API parameter values that are decorated as "sensitive" in the API will not
 22048  // be included in the string output. The member name will be present, but the
 22049  // value will be replaced with "sensitive".
 22050  func (s MasterCannotLeaveOrganizationException) String() string {
 22051  	return awsutil.Prettify(s)
 22052  }
 22053  
 22054  // GoString returns the string representation.
 22055  //
 22056  // API parameter values that are decorated as "sensitive" in the API will not
 22057  // be included in the string output. The member name will be present, but the
 22058  // value will be replaced with "sensitive".
 22059  func (s MasterCannotLeaveOrganizationException) GoString() string {
 22060  	return s.String()
 22061  }
 22062  
 22063  func newErrorMasterCannotLeaveOrganizationException(v protocol.ResponseMetadata) error {
 22064  	return &MasterCannotLeaveOrganizationException{
 22065  		RespMetadata: v,
 22066  	}
 22067  }
 22068  
 22069  // Code returns the exception type name.
 22070  func (s *MasterCannotLeaveOrganizationException) Code() string {
 22071  	return "MasterCannotLeaveOrganizationException"
 22072  }
 22073  
 22074  // Message returns the exception's message.
 22075  func (s *MasterCannotLeaveOrganizationException) Message() string {
 22076  	if s.Message_ != nil {
 22077  		return *s.Message_
 22078  	}
 22079  	return ""
 22080  }
 22081  
 22082  // OrigErr always returns nil, satisfies awserr.Error interface.
 22083  func (s *MasterCannotLeaveOrganizationException) OrigErr() error {
 22084  	return nil
 22085  }
 22086  
 22087  func (s *MasterCannotLeaveOrganizationException) Error() string {
 22088  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22089  }
 22090  
 22091  // Status code returns the HTTP status code for the request's response error.
 22092  func (s *MasterCannotLeaveOrganizationException) StatusCode() int {
 22093  	return s.RespMetadata.StatusCode
 22094  }
 22095  
 22096  // RequestID returns the service's response RequestID for request.
 22097  func (s *MasterCannotLeaveOrganizationException) RequestID() string {
 22098  	return s.RespMetadata.RequestID
 22099  }
 22100  
 22101  type MoveAccountInput struct {
 22102  	_ struct{} `type:"structure"`
 22103  
 22104  	// The unique identifier (ID) of the account that you want to move.
 22105  	//
 22106  	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
 22107  	// requires exactly 12 digits.
 22108  	//
 22109  	// AccountId is a required field
 22110  	AccountId *string `type:"string" required:"true"`
 22111  
 22112  	// The unique identifier (ID) of the root or organizational unit that you want
 22113  	// to move the account to.
 22114  	//
 22115  	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
 22116  	// requires one of the following:
 22117  	//
 22118  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 22119  	//    letters or digits.
 22120  	//
 22121  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 22122  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 22123  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 22124  	//    32 additional lowercase letters or digits.
 22125  	//
 22126  	// DestinationParentId is a required field
 22127  	DestinationParentId *string `type:"string" required:"true"`
 22128  
 22129  	// The unique identifier (ID) of the root or organizational unit that you want
 22130  	// to move the account from.
 22131  	//
 22132  	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
 22133  	// requires one of the following:
 22134  	//
 22135  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 22136  	//    letters or digits.
 22137  	//
 22138  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 22139  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 22140  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 22141  	//    32 additional lowercase letters or digits.
 22142  	//
 22143  	// SourceParentId is a required field
 22144  	SourceParentId *string `type:"string" required:"true"`
 22145  }
 22146  
 22147  // String returns the string representation.
 22148  //
 22149  // API parameter values that are decorated as "sensitive" in the API will not
 22150  // be included in the string output. The member name will be present, but the
 22151  // value will be replaced with "sensitive".
 22152  func (s MoveAccountInput) String() string {
 22153  	return awsutil.Prettify(s)
 22154  }
 22155  
 22156  // GoString returns the string representation.
 22157  //
 22158  // API parameter values that are decorated as "sensitive" in the API will not
 22159  // be included in the string output. The member name will be present, but the
 22160  // value will be replaced with "sensitive".
 22161  func (s MoveAccountInput) GoString() string {
 22162  	return s.String()
 22163  }
 22164  
 22165  // Validate inspects the fields of the type to determine if they are valid.
 22166  func (s *MoveAccountInput) Validate() error {
 22167  	invalidParams := request.ErrInvalidParams{Context: "MoveAccountInput"}
 22168  	if s.AccountId == nil {
 22169  		invalidParams.Add(request.NewErrParamRequired("AccountId"))
 22170  	}
 22171  	if s.DestinationParentId == nil {
 22172  		invalidParams.Add(request.NewErrParamRequired("DestinationParentId"))
 22173  	}
 22174  	if s.SourceParentId == nil {
 22175  		invalidParams.Add(request.NewErrParamRequired("SourceParentId"))
 22176  	}
 22177  
 22178  	if invalidParams.Len() > 0 {
 22179  		return invalidParams
 22180  	}
 22181  	return nil
 22182  }
 22183  
 22184  // SetAccountId sets the AccountId field's value.
 22185  func (s *MoveAccountInput) SetAccountId(v string) *MoveAccountInput {
 22186  	s.AccountId = &v
 22187  	return s
 22188  }
 22189  
 22190  // SetDestinationParentId sets the DestinationParentId field's value.
 22191  func (s *MoveAccountInput) SetDestinationParentId(v string) *MoveAccountInput {
 22192  	s.DestinationParentId = &v
 22193  	return s
 22194  }
 22195  
 22196  // SetSourceParentId sets the SourceParentId field's value.
 22197  func (s *MoveAccountInput) SetSourceParentId(v string) *MoveAccountInput {
 22198  	s.SourceParentId = &v
 22199  	return s
 22200  }
 22201  
 22202  type MoveAccountOutput struct {
 22203  	_ struct{} `type:"structure"`
 22204  }
 22205  
 22206  // String returns the string representation.
 22207  //
 22208  // API parameter values that are decorated as "sensitive" in the API will not
 22209  // be included in the string output. The member name will be present, but the
 22210  // value will be replaced with "sensitive".
 22211  func (s MoveAccountOutput) String() string {
 22212  	return awsutil.Prettify(s)
 22213  }
 22214  
 22215  // GoString returns the string representation.
 22216  //
 22217  // API parameter values that are decorated as "sensitive" in the API will not
 22218  // be included in the string output. The member name will be present, but the
 22219  // value will be replaced with "sensitive".
 22220  func (s MoveAccountOutput) GoString() string {
 22221  	return s.String()
 22222  }
 22223  
 22224  // Contains details about an organization. An organization is a collection of
 22225  // accounts that are centrally managed together using consolidated billing,
 22226  // organized hierarchically with organizational units (OUs), and controlled
 22227  // with policies .
 22228  type Organization struct {
 22229  	_ struct{} `type:"structure"`
 22230  
 22231  	// The Amazon Resource Name (ARN) of an organization.
 22232  	//
 22233  	// For more information about ARNs in Organizations, see ARN Formats Supported
 22234  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 22235  	// in the AWS Service Authorization Reference.
 22236  	Arn *string `type:"string"`
 22237  
 22238  	//
 22239  	// Do not use. This field is deprecated and doesn't provide complete information
 22240  	// about the policies in your organization.
 22241  	//
 22242  	// To determine the policies that are enabled and available for use in your
 22243  	// organization, use the ListRoots operation instead.
 22244  	AvailablePolicyTypes []*PolicyTypeSummary `type:"list"`
 22245  
 22246  	// Specifies the functionality that currently is available to the organization.
 22247  	// If set to "ALL", then all features are enabled and policies can be applied
 22248  	// to accounts in the organization. If set to "CONSOLIDATED_BILLING", then only
 22249  	// consolidated billing functionality is available. For more information, see
 22250  	// Enabling All Features in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
 22251  	// in the AWS Organizations User Guide.
 22252  	FeatureSet *string `type:"string" enum:"OrganizationFeatureSet"`
 22253  
 22254  	// The unique identifier (ID) of an organization.
 22255  	//
 22256  	// The regex pattern (http://wikipedia.org/wiki/regex) for an organization ID
 22257  	// string requires "o-" followed by from 10 to 32 lowercase letters or digits.
 22258  	Id *string `type:"string"`
 22259  
 22260  	// The Amazon Resource Name (ARN) of the account that is designated as the management
 22261  	// account for the organization.
 22262  	//
 22263  	// For more information about ARNs in Organizations, see ARN Formats Supported
 22264  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 22265  	// in the AWS Service Authorization Reference.
 22266  	MasterAccountArn *string `type:"string"`
 22267  
 22268  	// The email address that is associated with the AWS account that is designated
 22269  	// as the management account for the organization.
 22270  	//
 22271  	// MasterAccountEmail is a sensitive parameter and its value will be
 22272  	// replaced with "sensitive" in string returned by Organization's
 22273  	// String and GoString methods.
 22274  	MasterAccountEmail *string `min:"6" type:"string" sensitive:"true"`
 22275  
 22276  	// The unique identifier (ID) of the management account of an organization.
 22277  	//
 22278  	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
 22279  	// requires exactly 12 digits.
 22280  	MasterAccountId *string `type:"string"`
 22281  }
 22282  
 22283  // String returns the string representation.
 22284  //
 22285  // API parameter values that are decorated as "sensitive" in the API will not
 22286  // be included in the string output. The member name will be present, but the
 22287  // value will be replaced with "sensitive".
 22288  func (s Organization) String() string {
 22289  	return awsutil.Prettify(s)
 22290  }
 22291  
 22292  // GoString returns the string representation.
 22293  //
 22294  // API parameter values that are decorated as "sensitive" in the API will not
 22295  // be included in the string output. The member name will be present, but the
 22296  // value will be replaced with "sensitive".
 22297  func (s Organization) GoString() string {
 22298  	return s.String()
 22299  }
 22300  
 22301  // SetArn sets the Arn field's value.
 22302  func (s *Organization) SetArn(v string) *Organization {
 22303  	s.Arn = &v
 22304  	return s
 22305  }
 22306  
 22307  // SetAvailablePolicyTypes sets the AvailablePolicyTypes field's value.
 22308  func (s *Organization) SetAvailablePolicyTypes(v []*PolicyTypeSummary) *Organization {
 22309  	s.AvailablePolicyTypes = v
 22310  	return s
 22311  }
 22312  
 22313  // SetFeatureSet sets the FeatureSet field's value.
 22314  func (s *Organization) SetFeatureSet(v string) *Organization {
 22315  	s.FeatureSet = &v
 22316  	return s
 22317  }
 22318  
 22319  // SetId sets the Id field's value.
 22320  func (s *Organization) SetId(v string) *Organization {
 22321  	s.Id = &v
 22322  	return s
 22323  }
 22324  
 22325  // SetMasterAccountArn sets the MasterAccountArn field's value.
 22326  func (s *Organization) SetMasterAccountArn(v string) *Organization {
 22327  	s.MasterAccountArn = &v
 22328  	return s
 22329  }
 22330  
 22331  // SetMasterAccountEmail sets the MasterAccountEmail field's value.
 22332  func (s *Organization) SetMasterAccountEmail(v string) *Organization {
 22333  	s.MasterAccountEmail = &v
 22334  	return s
 22335  }
 22336  
 22337  // SetMasterAccountId sets the MasterAccountId field's value.
 22338  func (s *Organization) SetMasterAccountId(v string) *Organization {
 22339  	s.MasterAccountId = &v
 22340  	return s
 22341  }
 22342  
 22343  // The organization isn't empty. To delete an organization, you must first remove
 22344  // all accounts except the management account, delete all OUs, and delete all
 22345  // policies.
 22346  type OrganizationNotEmptyException struct {
 22347  	_            struct{}                  `type:"structure"`
 22348  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22349  
 22350  	Message_ *string `locationName:"Message" type:"string"`
 22351  }
 22352  
 22353  // String returns the string representation.
 22354  //
 22355  // API parameter values that are decorated as "sensitive" in the API will not
 22356  // be included in the string output. The member name will be present, but the
 22357  // value will be replaced with "sensitive".
 22358  func (s OrganizationNotEmptyException) String() string {
 22359  	return awsutil.Prettify(s)
 22360  }
 22361  
 22362  // GoString returns the string representation.
 22363  //
 22364  // API parameter values that are decorated as "sensitive" in the API will not
 22365  // be included in the string output. The member name will be present, but the
 22366  // value will be replaced with "sensitive".
 22367  func (s OrganizationNotEmptyException) GoString() string {
 22368  	return s.String()
 22369  }
 22370  
 22371  func newErrorOrganizationNotEmptyException(v protocol.ResponseMetadata) error {
 22372  	return &OrganizationNotEmptyException{
 22373  		RespMetadata: v,
 22374  	}
 22375  }
 22376  
 22377  // Code returns the exception type name.
 22378  func (s *OrganizationNotEmptyException) Code() string {
 22379  	return "OrganizationNotEmptyException"
 22380  }
 22381  
 22382  // Message returns the exception's message.
 22383  func (s *OrganizationNotEmptyException) Message() string {
 22384  	if s.Message_ != nil {
 22385  		return *s.Message_
 22386  	}
 22387  	return ""
 22388  }
 22389  
 22390  // OrigErr always returns nil, satisfies awserr.Error interface.
 22391  func (s *OrganizationNotEmptyException) OrigErr() error {
 22392  	return nil
 22393  }
 22394  
 22395  func (s *OrganizationNotEmptyException) Error() string {
 22396  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22397  }
 22398  
 22399  // Status code returns the HTTP status code for the request's response error.
 22400  func (s *OrganizationNotEmptyException) StatusCode() int {
 22401  	return s.RespMetadata.StatusCode
 22402  }
 22403  
 22404  // RequestID returns the service's response RequestID for request.
 22405  func (s *OrganizationNotEmptyException) RequestID() string {
 22406  	return s.RespMetadata.RequestID
 22407  }
 22408  
 22409  // Contains details about an organizational unit (OU). An OU is a container
 22410  // of AWS accounts within a root of an organization. Policies that are attached
 22411  // to an OU apply to all accounts contained in that OU and in any child OUs.
 22412  type OrganizationalUnit struct {
 22413  	_ struct{} `type:"structure"`
 22414  
 22415  	// The Amazon Resource Name (ARN) of this OU.
 22416  	//
 22417  	// For more information about ARNs in Organizations, see ARN Formats Supported
 22418  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 22419  	// in the AWS Service Authorization Reference.
 22420  	Arn *string `type:"string"`
 22421  
 22422  	// The unique identifier (ID) associated with this OU.
 22423  	//
 22424  	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
 22425  	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
 22426  	// or digits (the ID of the root that contains the OU). This string is followed
 22427  	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
 22428  	Id *string `type:"string"`
 22429  
 22430  	// The friendly name of this OU.
 22431  	//
 22432  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 22433  	// this parameter is a string of any of the characters in the ASCII character
 22434  	// range.
 22435  	Name *string `min:"1" type:"string"`
 22436  }
 22437  
 22438  // String returns the string representation.
 22439  //
 22440  // API parameter values that are decorated as "sensitive" in the API will not
 22441  // be included in the string output. The member name will be present, but the
 22442  // value will be replaced with "sensitive".
 22443  func (s OrganizationalUnit) String() string {
 22444  	return awsutil.Prettify(s)
 22445  }
 22446  
 22447  // GoString returns the string representation.
 22448  //
 22449  // API parameter values that are decorated as "sensitive" in the API will not
 22450  // be included in the string output. The member name will be present, but the
 22451  // value will be replaced with "sensitive".
 22452  func (s OrganizationalUnit) GoString() string {
 22453  	return s.String()
 22454  }
 22455  
 22456  // SetArn sets the Arn field's value.
 22457  func (s *OrganizationalUnit) SetArn(v string) *OrganizationalUnit {
 22458  	s.Arn = &v
 22459  	return s
 22460  }
 22461  
 22462  // SetId sets the Id field's value.
 22463  func (s *OrganizationalUnit) SetId(v string) *OrganizationalUnit {
 22464  	s.Id = &v
 22465  	return s
 22466  }
 22467  
 22468  // SetName sets the Name field's value.
 22469  func (s *OrganizationalUnit) SetName(v string) *OrganizationalUnit {
 22470  	s.Name = &v
 22471  	return s
 22472  }
 22473  
 22474  // The specified OU is not empty. Move all accounts to another root or to other
 22475  // OUs, remove all child OUs, and try the operation again.
 22476  type OrganizationalUnitNotEmptyException struct {
 22477  	_            struct{}                  `type:"structure"`
 22478  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22479  
 22480  	Message_ *string `locationName:"Message" type:"string"`
 22481  }
 22482  
 22483  // String returns the string representation.
 22484  //
 22485  // API parameter values that are decorated as "sensitive" in the API will not
 22486  // be included in the string output. The member name will be present, but the
 22487  // value will be replaced with "sensitive".
 22488  func (s OrganizationalUnitNotEmptyException) String() string {
 22489  	return awsutil.Prettify(s)
 22490  }
 22491  
 22492  // GoString returns the string representation.
 22493  //
 22494  // API parameter values that are decorated as "sensitive" in the API will not
 22495  // be included in the string output. The member name will be present, but the
 22496  // value will be replaced with "sensitive".
 22497  func (s OrganizationalUnitNotEmptyException) GoString() string {
 22498  	return s.String()
 22499  }
 22500  
 22501  func newErrorOrganizationalUnitNotEmptyException(v protocol.ResponseMetadata) error {
 22502  	return &OrganizationalUnitNotEmptyException{
 22503  		RespMetadata: v,
 22504  	}
 22505  }
 22506  
 22507  // Code returns the exception type name.
 22508  func (s *OrganizationalUnitNotEmptyException) Code() string {
 22509  	return "OrganizationalUnitNotEmptyException"
 22510  }
 22511  
 22512  // Message returns the exception's message.
 22513  func (s *OrganizationalUnitNotEmptyException) Message() string {
 22514  	if s.Message_ != nil {
 22515  		return *s.Message_
 22516  	}
 22517  	return ""
 22518  }
 22519  
 22520  // OrigErr always returns nil, satisfies awserr.Error interface.
 22521  func (s *OrganizationalUnitNotEmptyException) OrigErr() error {
 22522  	return nil
 22523  }
 22524  
 22525  func (s *OrganizationalUnitNotEmptyException) Error() string {
 22526  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22527  }
 22528  
 22529  // Status code returns the HTTP status code for the request's response error.
 22530  func (s *OrganizationalUnitNotEmptyException) StatusCode() int {
 22531  	return s.RespMetadata.StatusCode
 22532  }
 22533  
 22534  // RequestID returns the service's response RequestID for request.
 22535  func (s *OrganizationalUnitNotEmptyException) RequestID() string {
 22536  	return s.RespMetadata.RequestID
 22537  }
 22538  
 22539  // We can't find an OU with the OrganizationalUnitId that you specified.
 22540  type OrganizationalUnitNotFoundException struct {
 22541  	_            struct{}                  `type:"structure"`
 22542  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22543  
 22544  	Message_ *string `locationName:"Message" type:"string"`
 22545  }
 22546  
 22547  // String returns the string representation.
 22548  //
 22549  // API parameter values that are decorated as "sensitive" in the API will not
 22550  // be included in the string output. The member name will be present, but the
 22551  // value will be replaced with "sensitive".
 22552  func (s OrganizationalUnitNotFoundException) String() string {
 22553  	return awsutil.Prettify(s)
 22554  }
 22555  
 22556  // GoString returns the string representation.
 22557  //
 22558  // API parameter values that are decorated as "sensitive" in the API will not
 22559  // be included in the string output. The member name will be present, but the
 22560  // value will be replaced with "sensitive".
 22561  func (s OrganizationalUnitNotFoundException) GoString() string {
 22562  	return s.String()
 22563  }
 22564  
 22565  func newErrorOrganizationalUnitNotFoundException(v protocol.ResponseMetadata) error {
 22566  	return &OrganizationalUnitNotFoundException{
 22567  		RespMetadata: v,
 22568  	}
 22569  }
 22570  
 22571  // Code returns the exception type name.
 22572  func (s *OrganizationalUnitNotFoundException) Code() string {
 22573  	return "OrganizationalUnitNotFoundException"
 22574  }
 22575  
 22576  // Message returns the exception's message.
 22577  func (s *OrganizationalUnitNotFoundException) Message() string {
 22578  	if s.Message_ != nil {
 22579  		return *s.Message_
 22580  	}
 22581  	return ""
 22582  }
 22583  
 22584  // OrigErr always returns nil, satisfies awserr.Error interface.
 22585  func (s *OrganizationalUnitNotFoundException) OrigErr() error {
 22586  	return nil
 22587  }
 22588  
 22589  func (s *OrganizationalUnitNotFoundException) Error() string {
 22590  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22591  }
 22592  
 22593  // Status code returns the HTTP status code for the request's response error.
 22594  func (s *OrganizationalUnitNotFoundException) StatusCode() int {
 22595  	return s.RespMetadata.StatusCode
 22596  }
 22597  
 22598  // RequestID returns the service's response RequestID for request.
 22599  func (s *OrganizationalUnitNotFoundException) RequestID() string {
 22600  	return s.RespMetadata.RequestID
 22601  }
 22602  
 22603  // Contains information about either a root or an organizational unit (OU) that
 22604  // can contain OUs or accounts in an organization.
 22605  type Parent struct {
 22606  	_ struct{} `type:"structure"`
 22607  
 22608  	// The unique identifier (ID) of the parent entity.
 22609  	//
 22610  	// The regex pattern (http://wikipedia.org/wiki/regex) for a parent ID string
 22611  	// requires one of the following:
 22612  	//
 22613  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 22614  	//    letters or digits.
 22615  	//
 22616  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 22617  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 22618  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 22619  	//    32 additional lowercase letters or digits.
 22620  	Id *string `type:"string"`
 22621  
 22622  	// The type of the parent entity.
 22623  	Type *string `type:"string" enum:"ParentType"`
 22624  }
 22625  
 22626  // String returns the string representation.
 22627  //
 22628  // API parameter values that are decorated as "sensitive" in the API will not
 22629  // be included in the string output. The member name will be present, but the
 22630  // value will be replaced with "sensitive".
 22631  func (s Parent) String() string {
 22632  	return awsutil.Prettify(s)
 22633  }
 22634  
 22635  // GoString returns the string representation.
 22636  //
 22637  // API parameter values that are decorated as "sensitive" in the API will not
 22638  // be included in the string output. The member name will be present, but the
 22639  // value will be replaced with "sensitive".
 22640  func (s Parent) GoString() string {
 22641  	return s.String()
 22642  }
 22643  
 22644  // SetId sets the Id field's value.
 22645  func (s *Parent) SetId(v string) *Parent {
 22646  	s.Id = &v
 22647  	return s
 22648  }
 22649  
 22650  // SetType sets the Type field's value.
 22651  func (s *Parent) SetType(v string) *Parent {
 22652  	s.Type = &v
 22653  	return s
 22654  }
 22655  
 22656  // We can't find a root or OU with the ParentId that you specified.
 22657  type ParentNotFoundException struct {
 22658  	_            struct{}                  `type:"structure"`
 22659  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22660  
 22661  	Message_ *string `locationName:"Message" type:"string"`
 22662  }
 22663  
 22664  // String returns the string representation.
 22665  //
 22666  // API parameter values that are decorated as "sensitive" in the API will not
 22667  // be included in the string output. The member name will be present, but the
 22668  // value will be replaced with "sensitive".
 22669  func (s ParentNotFoundException) String() string {
 22670  	return awsutil.Prettify(s)
 22671  }
 22672  
 22673  // GoString returns the string representation.
 22674  //
 22675  // API parameter values that are decorated as "sensitive" in the API will not
 22676  // be included in the string output. The member name will be present, but the
 22677  // value will be replaced with "sensitive".
 22678  func (s ParentNotFoundException) GoString() string {
 22679  	return s.String()
 22680  }
 22681  
 22682  func newErrorParentNotFoundException(v protocol.ResponseMetadata) error {
 22683  	return &ParentNotFoundException{
 22684  		RespMetadata: v,
 22685  	}
 22686  }
 22687  
 22688  // Code returns the exception type name.
 22689  func (s *ParentNotFoundException) Code() string {
 22690  	return "ParentNotFoundException"
 22691  }
 22692  
 22693  // Message returns the exception's message.
 22694  func (s *ParentNotFoundException) Message() string {
 22695  	if s.Message_ != nil {
 22696  		return *s.Message_
 22697  	}
 22698  	return ""
 22699  }
 22700  
 22701  // OrigErr always returns nil, satisfies awserr.Error interface.
 22702  func (s *ParentNotFoundException) OrigErr() error {
 22703  	return nil
 22704  }
 22705  
 22706  func (s *ParentNotFoundException) Error() string {
 22707  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22708  }
 22709  
 22710  // Status code returns the HTTP status code for the request's response error.
 22711  func (s *ParentNotFoundException) StatusCode() int {
 22712  	return s.RespMetadata.StatusCode
 22713  }
 22714  
 22715  // RequestID returns the service's response RequestID for request.
 22716  func (s *ParentNotFoundException) RequestID() string {
 22717  	return s.RespMetadata.RequestID
 22718  }
 22719  
 22720  // Contains rules to be applied to the affected accounts. Policies can be attached
 22721  // directly to accounts, or to roots and OUs to affect all accounts in those
 22722  // hierarchies.
 22723  type Policy struct {
 22724  	_ struct{} `type:"structure"`
 22725  
 22726  	// The text content of the policy.
 22727  	Content *string `min:"1" type:"string"`
 22728  
 22729  	// A structure that contains additional details about the policy.
 22730  	PolicySummary *PolicySummary `type:"structure"`
 22731  }
 22732  
 22733  // String returns the string representation.
 22734  //
 22735  // API parameter values that are decorated as "sensitive" in the API will not
 22736  // be included in the string output. The member name will be present, but the
 22737  // value will be replaced with "sensitive".
 22738  func (s Policy) String() string {
 22739  	return awsutil.Prettify(s)
 22740  }
 22741  
 22742  // GoString returns the string representation.
 22743  //
 22744  // API parameter values that are decorated as "sensitive" in the API will not
 22745  // be included in the string output. The member name will be present, but the
 22746  // value will be replaced with "sensitive".
 22747  func (s Policy) GoString() string {
 22748  	return s.String()
 22749  }
 22750  
 22751  // SetContent sets the Content field's value.
 22752  func (s *Policy) SetContent(v string) *Policy {
 22753  	s.Content = &v
 22754  	return s
 22755  }
 22756  
 22757  // SetPolicySummary sets the PolicySummary field's value.
 22758  func (s *Policy) SetPolicySummary(v *PolicySummary) *Policy {
 22759  	s.PolicySummary = v
 22760  	return s
 22761  }
 22762  
 22763  // Changes to the effective policy are in progress, and its contents can't be
 22764  // returned. Try the operation again later.
 22765  type PolicyChangesInProgressException struct {
 22766  	_            struct{}                  `type:"structure"`
 22767  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22768  
 22769  	Message_ *string `locationName:"Message" type:"string"`
 22770  }
 22771  
 22772  // String returns the string representation.
 22773  //
 22774  // API parameter values that are decorated as "sensitive" in the API will not
 22775  // be included in the string output. The member name will be present, but the
 22776  // value will be replaced with "sensitive".
 22777  func (s PolicyChangesInProgressException) String() string {
 22778  	return awsutil.Prettify(s)
 22779  }
 22780  
 22781  // GoString returns the string representation.
 22782  //
 22783  // API parameter values that are decorated as "sensitive" in the API will not
 22784  // be included in the string output. The member name will be present, but the
 22785  // value will be replaced with "sensitive".
 22786  func (s PolicyChangesInProgressException) GoString() string {
 22787  	return s.String()
 22788  }
 22789  
 22790  func newErrorPolicyChangesInProgressException(v protocol.ResponseMetadata) error {
 22791  	return &PolicyChangesInProgressException{
 22792  		RespMetadata: v,
 22793  	}
 22794  }
 22795  
 22796  // Code returns the exception type name.
 22797  func (s *PolicyChangesInProgressException) Code() string {
 22798  	return "PolicyChangesInProgressException"
 22799  }
 22800  
 22801  // Message returns the exception's message.
 22802  func (s *PolicyChangesInProgressException) Message() string {
 22803  	if s.Message_ != nil {
 22804  		return *s.Message_
 22805  	}
 22806  	return ""
 22807  }
 22808  
 22809  // OrigErr always returns nil, satisfies awserr.Error interface.
 22810  func (s *PolicyChangesInProgressException) OrigErr() error {
 22811  	return nil
 22812  }
 22813  
 22814  func (s *PolicyChangesInProgressException) Error() string {
 22815  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22816  }
 22817  
 22818  // Status code returns the HTTP status code for the request's response error.
 22819  func (s *PolicyChangesInProgressException) StatusCode() int {
 22820  	return s.RespMetadata.StatusCode
 22821  }
 22822  
 22823  // RequestID returns the service's response RequestID for request.
 22824  func (s *PolicyChangesInProgressException) RequestID() string {
 22825  	return s.RespMetadata.RequestID
 22826  }
 22827  
 22828  // The policy is attached to one or more entities. You must detach it from all
 22829  // roots, OUs, and accounts before performing this operation.
 22830  type PolicyInUseException struct {
 22831  	_            struct{}                  `type:"structure"`
 22832  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22833  
 22834  	Message_ *string `locationName:"Message" type:"string"`
 22835  }
 22836  
 22837  // String returns the string representation.
 22838  //
 22839  // API parameter values that are decorated as "sensitive" in the API will not
 22840  // be included in the string output. The member name will be present, but the
 22841  // value will be replaced with "sensitive".
 22842  func (s PolicyInUseException) String() string {
 22843  	return awsutil.Prettify(s)
 22844  }
 22845  
 22846  // GoString returns the string representation.
 22847  //
 22848  // API parameter values that are decorated as "sensitive" in the API will not
 22849  // be included in the string output. The member name will be present, but the
 22850  // value will be replaced with "sensitive".
 22851  func (s PolicyInUseException) GoString() string {
 22852  	return s.String()
 22853  }
 22854  
 22855  func newErrorPolicyInUseException(v protocol.ResponseMetadata) error {
 22856  	return &PolicyInUseException{
 22857  		RespMetadata: v,
 22858  	}
 22859  }
 22860  
 22861  // Code returns the exception type name.
 22862  func (s *PolicyInUseException) Code() string {
 22863  	return "PolicyInUseException"
 22864  }
 22865  
 22866  // Message returns the exception's message.
 22867  func (s *PolicyInUseException) Message() string {
 22868  	if s.Message_ != nil {
 22869  		return *s.Message_
 22870  	}
 22871  	return ""
 22872  }
 22873  
 22874  // OrigErr always returns nil, satisfies awserr.Error interface.
 22875  func (s *PolicyInUseException) OrigErr() error {
 22876  	return nil
 22877  }
 22878  
 22879  func (s *PolicyInUseException) Error() string {
 22880  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22881  }
 22882  
 22883  // Status code returns the HTTP status code for the request's response error.
 22884  func (s *PolicyInUseException) StatusCode() int {
 22885  	return s.RespMetadata.StatusCode
 22886  }
 22887  
 22888  // RequestID returns the service's response RequestID for request.
 22889  func (s *PolicyInUseException) RequestID() string {
 22890  	return s.RespMetadata.RequestID
 22891  }
 22892  
 22893  // The policy isn't attached to the specified target in the specified root.
 22894  type PolicyNotAttachedException struct {
 22895  	_            struct{}                  `type:"structure"`
 22896  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22897  
 22898  	Message_ *string `locationName:"Message" type:"string"`
 22899  }
 22900  
 22901  // String returns the string representation.
 22902  //
 22903  // API parameter values that are decorated as "sensitive" in the API will not
 22904  // be included in the string output. The member name will be present, but the
 22905  // value will be replaced with "sensitive".
 22906  func (s PolicyNotAttachedException) String() string {
 22907  	return awsutil.Prettify(s)
 22908  }
 22909  
 22910  // GoString returns the string representation.
 22911  //
 22912  // API parameter values that are decorated as "sensitive" in the API will not
 22913  // be included in the string output. The member name will be present, but the
 22914  // value will be replaced with "sensitive".
 22915  func (s PolicyNotAttachedException) GoString() string {
 22916  	return s.String()
 22917  }
 22918  
 22919  func newErrorPolicyNotAttachedException(v protocol.ResponseMetadata) error {
 22920  	return &PolicyNotAttachedException{
 22921  		RespMetadata: v,
 22922  	}
 22923  }
 22924  
 22925  // Code returns the exception type name.
 22926  func (s *PolicyNotAttachedException) Code() string {
 22927  	return "PolicyNotAttachedException"
 22928  }
 22929  
 22930  // Message returns the exception's message.
 22931  func (s *PolicyNotAttachedException) Message() string {
 22932  	if s.Message_ != nil {
 22933  		return *s.Message_
 22934  	}
 22935  	return ""
 22936  }
 22937  
 22938  // OrigErr always returns nil, satisfies awserr.Error interface.
 22939  func (s *PolicyNotAttachedException) OrigErr() error {
 22940  	return nil
 22941  }
 22942  
 22943  func (s *PolicyNotAttachedException) Error() string {
 22944  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 22945  }
 22946  
 22947  // Status code returns the HTTP status code for the request's response error.
 22948  func (s *PolicyNotAttachedException) StatusCode() int {
 22949  	return s.RespMetadata.StatusCode
 22950  }
 22951  
 22952  // RequestID returns the service's response RequestID for request.
 22953  func (s *PolicyNotAttachedException) RequestID() string {
 22954  	return s.RespMetadata.RequestID
 22955  }
 22956  
 22957  // We can't find a policy with the PolicyId that you specified.
 22958  type PolicyNotFoundException struct {
 22959  	_            struct{}                  `type:"structure"`
 22960  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 22961  
 22962  	Message_ *string `locationName:"Message" type:"string"`
 22963  }
 22964  
 22965  // String returns the string representation.
 22966  //
 22967  // API parameter values that are decorated as "sensitive" in the API will not
 22968  // be included in the string output. The member name will be present, but the
 22969  // value will be replaced with "sensitive".
 22970  func (s PolicyNotFoundException) String() string {
 22971  	return awsutil.Prettify(s)
 22972  }
 22973  
 22974  // GoString returns the string representation.
 22975  //
 22976  // API parameter values that are decorated as "sensitive" in the API will not
 22977  // be included in the string output. The member name will be present, but the
 22978  // value will be replaced with "sensitive".
 22979  func (s PolicyNotFoundException) GoString() string {
 22980  	return s.String()
 22981  }
 22982  
 22983  func newErrorPolicyNotFoundException(v protocol.ResponseMetadata) error {
 22984  	return &PolicyNotFoundException{
 22985  		RespMetadata: v,
 22986  	}
 22987  }
 22988  
 22989  // Code returns the exception type name.
 22990  func (s *PolicyNotFoundException) Code() string {
 22991  	return "PolicyNotFoundException"
 22992  }
 22993  
 22994  // Message returns the exception's message.
 22995  func (s *PolicyNotFoundException) Message() string {
 22996  	if s.Message_ != nil {
 22997  		return *s.Message_
 22998  	}
 22999  	return ""
 23000  }
 23001  
 23002  // OrigErr always returns nil, satisfies awserr.Error interface.
 23003  func (s *PolicyNotFoundException) OrigErr() error {
 23004  	return nil
 23005  }
 23006  
 23007  func (s *PolicyNotFoundException) Error() string {
 23008  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 23009  }
 23010  
 23011  // Status code returns the HTTP status code for the request's response error.
 23012  func (s *PolicyNotFoundException) StatusCode() int {
 23013  	return s.RespMetadata.StatusCode
 23014  }
 23015  
 23016  // RequestID returns the service's response RequestID for request.
 23017  func (s *PolicyNotFoundException) RequestID() string {
 23018  	return s.RespMetadata.RequestID
 23019  }
 23020  
 23021  // Contains information about a policy, but does not include the content. To
 23022  // see the content of a policy, see DescribePolicy.
 23023  type PolicySummary struct {
 23024  	_ struct{} `type:"structure"`
 23025  
 23026  	// The Amazon Resource Name (ARN) of the policy.
 23027  	//
 23028  	// For more information about ARNs in Organizations, see ARN Formats Supported
 23029  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 23030  	// in the AWS Service Authorization Reference.
 23031  	Arn *string `type:"string"`
 23032  
 23033  	// A boolean value that indicates whether the specified policy is an AWS managed
 23034  	// policy. If true, then you can attach the policy to roots, OUs, or accounts,
 23035  	// but you cannot edit it.
 23036  	AwsManaged *bool `type:"boolean"`
 23037  
 23038  	// The description of the policy.
 23039  	Description *string `type:"string"`
 23040  
 23041  	// The unique identifier (ID) of the policy.
 23042  	//
 23043  	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
 23044  	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
 23045  	// or the underscore character (_).
 23046  	Id *string `type:"string"`
 23047  
 23048  	// The friendly name of the policy.
 23049  	//
 23050  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 23051  	// this parameter is a string of any of the characters in the ASCII character
 23052  	// range.
 23053  	Name *string `min:"1" type:"string"`
 23054  
 23055  	// The type of policy.
 23056  	Type *string `type:"string" enum:"PolicyType"`
 23057  }
 23058  
 23059  // String returns the string representation.
 23060  //
 23061  // API parameter values that are decorated as "sensitive" in the API will not
 23062  // be included in the string output. The member name will be present, but the
 23063  // value will be replaced with "sensitive".
 23064  func (s PolicySummary) String() string {
 23065  	return awsutil.Prettify(s)
 23066  }
 23067  
 23068  // GoString returns the string representation.
 23069  //
 23070  // API parameter values that are decorated as "sensitive" in the API will not
 23071  // be included in the string output. The member name will be present, but the
 23072  // value will be replaced with "sensitive".
 23073  func (s PolicySummary) GoString() string {
 23074  	return s.String()
 23075  }
 23076  
 23077  // SetArn sets the Arn field's value.
 23078  func (s *PolicySummary) SetArn(v string) *PolicySummary {
 23079  	s.Arn = &v
 23080  	return s
 23081  }
 23082  
 23083  // SetAwsManaged sets the AwsManaged field's value.
 23084  func (s *PolicySummary) SetAwsManaged(v bool) *PolicySummary {
 23085  	s.AwsManaged = &v
 23086  	return s
 23087  }
 23088  
 23089  // SetDescription sets the Description field's value.
 23090  func (s *PolicySummary) SetDescription(v string) *PolicySummary {
 23091  	s.Description = &v
 23092  	return s
 23093  }
 23094  
 23095  // SetId sets the Id field's value.
 23096  func (s *PolicySummary) SetId(v string) *PolicySummary {
 23097  	s.Id = &v
 23098  	return s
 23099  }
 23100  
 23101  // SetName sets the Name field's value.
 23102  func (s *PolicySummary) SetName(v string) *PolicySummary {
 23103  	s.Name = &v
 23104  	return s
 23105  }
 23106  
 23107  // SetType sets the Type field's value.
 23108  func (s *PolicySummary) SetType(v string) *PolicySummary {
 23109  	s.Type = &v
 23110  	return s
 23111  }
 23112  
 23113  // Contains information about a root, OU, or account that a policy is attached
 23114  // to.
 23115  type PolicyTargetSummary struct {
 23116  	_ struct{} `type:"structure"`
 23117  
 23118  	// The Amazon Resource Name (ARN) of the policy target.
 23119  	//
 23120  	// For more information about ARNs in Organizations, see ARN Formats Supported
 23121  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 23122  	// in the AWS Service Authorization Reference.
 23123  	Arn *string `type:"string"`
 23124  
 23125  	// The friendly name of the policy target.
 23126  	//
 23127  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 23128  	// this parameter is a string of any of the characters in the ASCII character
 23129  	// range.
 23130  	Name *string `min:"1" type:"string"`
 23131  
 23132  	// The unique identifier (ID) of the policy target.
 23133  	//
 23134  	// The regex pattern (http://wikipedia.org/wiki/regex) for a target ID string
 23135  	// requires one of the following:
 23136  	//
 23137  	//    * Root - A string that begins with "r-" followed by from 4 to 32 lowercase
 23138  	//    letters or digits.
 23139  	//
 23140  	//    * Account - A string that consists of exactly 12 digits.
 23141  	//
 23142  	//    * Organizational unit (OU) - A string that begins with "ou-" followed
 23143  	//    by from 4 to 32 lowercase letters or digits (the ID of the root that the
 23144  	//    OU is in). This string is followed by a second "-" dash and from 8 to
 23145  	//    32 additional lowercase letters or digits.
 23146  	TargetId *string `type:"string"`
 23147  
 23148  	// The type of the policy target.
 23149  	Type *string `type:"string" enum:"TargetType"`
 23150  }
 23151  
 23152  // String returns the string representation.
 23153  //
 23154  // API parameter values that are decorated as "sensitive" in the API will not
 23155  // be included in the string output. The member name will be present, but the
 23156  // value will be replaced with "sensitive".
 23157  func (s PolicyTargetSummary) String() string {
 23158  	return awsutil.Prettify(s)
 23159  }
 23160  
 23161  // GoString returns the string representation.
 23162  //
 23163  // API parameter values that are decorated as "sensitive" in the API will not
 23164  // be included in the string output. The member name will be present, but the
 23165  // value will be replaced with "sensitive".
 23166  func (s PolicyTargetSummary) GoString() string {
 23167  	return s.String()
 23168  }
 23169  
 23170  // SetArn sets the Arn field's value.
 23171  func (s *PolicyTargetSummary) SetArn(v string) *PolicyTargetSummary {
 23172  	s.Arn = &v
 23173  	return s
 23174  }
 23175  
 23176  // SetName sets the Name field's value.
 23177  func (s *PolicyTargetSummary) SetName(v string) *PolicyTargetSummary {
 23178  	s.Name = &v
 23179  	return s
 23180  }
 23181  
 23182  // SetTargetId sets the TargetId field's value.
 23183  func (s *PolicyTargetSummary) SetTargetId(v string) *PolicyTargetSummary {
 23184  	s.TargetId = &v
 23185  	return s
 23186  }
 23187  
 23188  // SetType sets the Type field's value.
 23189  func (s *PolicyTargetSummary) SetType(v string) *PolicyTargetSummary {
 23190  	s.Type = &v
 23191  	return s
 23192  }
 23193  
 23194  // The specified policy type is already enabled in the specified root.
 23195  type PolicyTypeAlreadyEnabledException struct {
 23196  	_            struct{}                  `type:"structure"`
 23197  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 23198  
 23199  	Message_ *string `locationName:"Message" type:"string"`
 23200  }
 23201  
 23202  // String returns the string representation.
 23203  //
 23204  // API parameter values that are decorated as "sensitive" in the API will not
 23205  // be included in the string output. The member name will be present, but the
 23206  // value will be replaced with "sensitive".
 23207  func (s PolicyTypeAlreadyEnabledException) String() string {
 23208  	return awsutil.Prettify(s)
 23209  }
 23210  
 23211  // GoString returns the string representation.
 23212  //
 23213  // API parameter values that are decorated as "sensitive" in the API will not
 23214  // be included in the string output. The member name will be present, but the
 23215  // value will be replaced with "sensitive".
 23216  func (s PolicyTypeAlreadyEnabledException) GoString() string {
 23217  	return s.String()
 23218  }
 23219  
 23220  func newErrorPolicyTypeAlreadyEnabledException(v protocol.ResponseMetadata) error {
 23221  	return &PolicyTypeAlreadyEnabledException{
 23222  		RespMetadata: v,
 23223  	}
 23224  }
 23225  
 23226  // Code returns the exception type name.
 23227  func (s *PolicyTypeAlreadyEnabledException) Code() string {
 23228  	return "PolicyTypeAlreadyEnabledException"
 23229  }
 23230  
 23231  // Message returns the exception's message.
 23232  func (s *PolicyTypeAlreadyEnabledException) Message() string {
 23233  	if s.Message_ != nil {
 23234  		return *s.Message_
 23235  	}
 23236  	return ""
 23237  }
 23238  
 23239  // OrigErr always returns nil, satisfies awserr.Error interface.
 23240  func (s *PolicyTypeAlreadyEnabledException) OrigErr() error {
 23241  	return nil
 23242  }
 23243  
 23244  func (s *PolicyTypeAlreadyEnabledException) Error() string {
 23245  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 23246  }
 23247  
 23248  // Status code returns the HTTP status code for the request's response error.
 23249  func (s *PolicyTypeAlreadyEnabledException) StatusCode() int {
 23250  	return s.RespMetadata.StatusCode
 23251  }
 23252  
 23253  // RequestID returns the service's response RequestID for request.
 23254  func (s *PolicyTypeAlreadyEnabledException) RequestID() string {
 23255  	return s.RespMetadata.RequestID
 23256  }
 23257  
 23258  // You can't use the specified policy type with the feature set currently enabled
 23259  // for this organization. For example, you can enable SCPs only after you enable
 23260  // all features in the organization. For more information, see Managing AWS
 23261  // Organizations Policies (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html#enable_policies_on_root)in
 23262  // the AWS Organizations User Guide.
 23263  type PolicyTypeNotAvailableForOrganizationException struct {
 23264  	_            struct{}                  `type:"structure"`
 23265  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 23266  
 23267  	Message_ *string `locationName:"Message" type:"string"`
 23268  }
 23269  
 23270  // String returns the string representation.
 23271  //
 23272  // API parameter values that are decorated as "sensitive" in the API will not
 23273  // be included in the string output. The member name will be present, but the
 23274  // value will be replaced with "sensitive".
 23275  func (s PolicyTypeNotAvailableForOrganizationException) String() string {
 23276  	return awsutil.Prettify(s)
 23277  }
 23278  
 23279  // GoString returns the string representation.
 23280  //
 23281  // API parameter values that are decorated as "sensitive" in the API will not
 23282  // be included in the string output. The member name will be present, but the
 23283  // value will be replaced with "sensitive".
 23284  func (s PolicyTypeNotAvailableForOrganizationException) GoString() string {
 23285  	return s.String()
 23286  }
 23287  
 23288  func newErrorPolicyTypeNotAvailableForOrganizationException(v protocol.ResponseMetadata) error {
 23289  	return &PolicyTypeNotAvailableForOrganizationException{
 23290  		RespMetadata: v,
 23291  	}
 23292  }
 23293  
 23294  // Code returns the exception type name.
 23295  func (s *PolicyTypeNotAvailableForOrganizationException) Code() string {
 23296  	return "PolicyTypeNotAvailableForOrganizationException"
 23297  }
 23298  
 23299  // Message returns the exception's message.
 23300  func (s *PolicyTypeNotAvailableForOrganizationException) Message() string {
 23301  	if s.Message_ != nil {
 23302  		return *s.Message_
 23303  	}
 23304  	return ""
 23305  }
 23306  
 23307  // OrigErr always returns nil, satisfies awserr.Error interface.
 23308  func (s *PolicyTypeNotAvailableForOrganizationException) OrigErr() error {
 23309  	return nil
 23310  }
 23311  
 23312  func (s *PolicyTypeNotAvailableForOrganizationException) Error() string {
 23313  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 23314  }
 23315  
 23316  // Status code returns the HTTP status code for the request's response error.
 23317  func (s *PolicyTypeNotAvailableForOrganizationException) StatusCode() int {
 23318  	return s.RespMetadata.StatusCode
 23319  }
 23320  
 23321  // RequestID returns the service's response RequestID for request.
 23322  func (s *PolicyTypeNotAvailableForOrganizationException) RequestID() string {
 23323  	return s.RespMetadata.RequestID
 23324  }
 23325  
 23326  // The specified policy type isn't currently enabled in this root. You can't
 23327  // attach policies of the specified type to entities in a root until you enable
 23328  // that type in the root. For more information, see Enabling All Features in
 23329  // Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html)
 23330  // in the AWS Organizations User Guide.
 23331  type PolicyTypeNotEnabledException struct {
 23332  	_            struct{}                  `type:"structure"`
 23333  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 23334  
 23335  	Message_ *string `locationName:"Message" type:"string"`
 23336  }
 23337  
 23338  // String returns the string representation.
 23339  //
 23340  // API parameter values that are decorated as "sensitive" in the API will not
 23341  // be included in the string output. The member name will be present, but the
 23342  // value will be replaced with "sensitive".
 23343  func (s PolicyTypeNotEnabledException) String() string {
 23344  	return awsutil.Prettify(s)
 23345  }
 23346  
 23347  // GoString returns the string representation.
 23348  //
 23349  // API parameter values that are decorated as "sensitive" in the API will not
 23350  // be included in the string output. The member name will be present, but the
 23351  // value will be replaced with "sensitive".
 23352  func (s PolicyTypeNotEnabledException) GoString() string {
 23353  	return s.String()
 23354  }
 23355  
 23356  func newErrorPolicyTypeNotEnabledException(v protocol.ResponseMetadata) error {
 23357  	return &PolicyTypeNotEnabledException{
 23358  		RespMetadata: v,
 23359  	}
 23360  }
 23361  
 23362  // Code returns the exception type name.
 23363  func (s *PolicyTypeNotEnabledException) Code() string {
 23364  	return "PolicyTypeNotEnabledException"
 23365  }
 23366  
 23367  // Message returns the exception's message.
 23368  func (s *PolicyTypeNotEnabledException) Message() string {
 23369  	if s.Message_ != nil {
 23370  		return *s.Message_
 23371  	}
 23372  	return ""
 23373  }
 23374  
 23375  // OrigErr always returns nil, satisfies awserr.Error interface.
 23376  func (s *PolicyTypeNotEnabledException) OrigErr() error {
 23377  	return nil
 23378  }
 23379  
 23380  func (s *PolicyTypeNotEnabledException) Error() string {
 23381  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 23382  }
 23383  
 23384  // Status code returns the HTTP status code for the request's response error.
 23385  func (s *PolicyTypeNotEnabledException) StatusCode() int {
 23386  	return s.RespMetadata.StatusCode
 23387  }
 23388  
 23389  // RequestID returns the service's response RequestID for request.
 23390  func (s *PolicyTypeNotEnabledException) RequestID() string {
 23391  	return s.RespMetadata.RequestID
 23392  }
 23393  
 23394  // Contains information about a policy type and its status in the associated
 23395  // root.
 23396  type PolicyTypeSummary struct {
 23397  	_ struct{} `type:"structure"`
 23398  
 23399  	// The status of the policy type as it relates to the associated root. To attach
 23400  	// a policy of the specified type to a root or to an OU or account in that root,
 23401  	// it must be available in the organization and enabled for that root.
 23402  	Status *string `type:"string" enum:"PolicyTypeStatus"`
 23403  
 23404  	// The name of the policy type.
 23405  	Type *string `type:"string" enum:"PolicyType"`
 23406  }
 23407  
 23408  // String returns the string representation.
 23409  //
 23410  // API parameter values that are decorated as "sensitive" in the API will not
 23411  // be included in the string output. The member name will be present, but the
 23412  // value will be replaced with "sensitive".
 23413  func (s PolicyTypeSummary) String() string {
 23414  	return awsutil.Prettify(s)
 23415  }
 23416  
 23417  // GoString returns the string representation.
 23418  //
 23419  // API parameter values that are decorated as "sensitive" in the API will not
 23420  // be included in the string output. The member name will be present, but the
 23421  // value will be replaced with "sensitive".
 23422  func (s PolicyTypeSummary) GoString() string {
 23423  	return s.String()
 23424  }
 23425  
 23426  // SetStatus sets the Status field's value.
 23427  func (s *PolicyTypeSummary) SetStatus(v string) *PolicyTypeSummary {
 23428  	s.Status = &v
 23429  	return s
 23430  }
 23431  
 23432  // SetType sets the Type field's value.
 23433  func (s *PolicyTypeSummary) SetType(v string) *PolicyTypeSummary {
 23434  	s.Type = &v
 23435  	return s
 23436  }
 23437  
 23438  type RegisterDelegatedAdministratorInput struct {
 23439  	_ struct{} `type:"structure"`
 23440  
 23441  	// The account ID number of the member account in the organization to register
 23442  	// as a delegated administrator.
 23443  	//
 23444  	// AccountId is a required field
 23445  	AccountId *string `type:"string" required:"true"`
 23446  
 23447  	// The service principal of the AWS service for which you want to make the member
 23448  	// account a delegated administrator.
 23449  	//
 23450  	// ServicePrincipal is a required field
 23451  	ServicePrincipal *string `min:"1" type:"string" required:"true"`
 23452  }
 23453  
 23454  // String returns the string representation.
 23455  //
 23456  // API parameter values that are decorated as "sensitive" in the API will not
 23457  // be included in the string output. The member name will be present, but the
 23458  // value will be replaced with "sensitive".
 23459  func (s RegisterDelegatedAdministratorInput) String() string {
 23460  	return awsutil.Prettify(s)
 23461  }
 23462  
 23463  // GoString returns the string representation.
 23464  //
 23465  // API parameter values that are decorated as "sensitive" in the API will not
 23466  // be included in the string output. The member name will be present, but the
 23467  // value will be replaced with "sensitive".
 23468  func (s RegisterDelegatedAdministratorInput) GoString() string {
 23469  	return s.String()
 23470  }
 23471  
 23472  // Validate inspects the fields of the type to determine if they are valid.
 23473  func (s *RegisterDelegatedAdministratorInput) Validate() error {
 23474  	invalidParams := request.ErrInvalidParams{Context: "RegisterDelegatedAdministratorInput"}
 23475  	if s.AccountId == nil {
 23476  		invalidParams.Add(request.NewErrParamRequired("AccountId"))
 23477  	}
 23478  	if s.ServicePrincipal == nil {
 23479  		invalidParams.Add(request.NewErrParamRequired("ServicePrincipal"))
 23480  	}
 23481  	if s.ServicePrincipal != nil && len(*s.ServicePrincipal) < 1 {
 23482  		invalidParams.Add(request.NewErrParamMinLen("ServicePrincipal", 1))
 23483  	}
 23484  
 23485  	if invalidParams.Len() > 0 {
 23486  		return invalidParams
 23487  	}
 23488  	return nil
 23489  }
 23490  
 23491  // SetAccountId sets the AccountId field's value.
 23492  func (s *RegisterDelegatedAdministratorInput) SetAccountId(v string) *RegisterDelegatedAdministratorInput {
 23493  	s.AccountId = &v
 23494  	return s
 23495  }
 23496  
 23497  // SetServicePrincipal sets the ServicePrincipal field's value.
 23498  func (s *RegisterDelegatedAdministratorInput) SetServicePrincipal(v string) *RegisterDelegatedAdministratorInput {
 23499  	s.ServicePrincipal = &v
 23500  	return s
 23501  }
 23502  
 23503  type RegisterDelegatedAdministratorOutput struct {
 23504  	_ struct{} `type:"structure"`
 23505  }
 23506  
 23507  // String returns the string representation.
 23508  //
 23509  // API parameter values that are decorated as "sensitive" in the API will not
 23510  // be included in the string output. The member name will be present, but the
 23511  // value will be replaced with "sensitive".
 23512  func (s RegisterDelegatedAdministratorOutput) String() string {
 23513  	return awsutil.Prettify(s)
 23514  }
 23515  
 23516  // GoString returns the string representation.
 23517  //
 23518  // API parameter values that are decorated as "sensitive" in the API will not
 23519  // be included in the string output. The member name will be present, but the
 23520  // value will be replaced with "sensitive".
 23521  func (s RegisterDelegatedAdministratorOutput) GoString() string {
 23522  	return s.String()
 23523  }
 23524  
 23525  type RemoveAccountFromOrganizationInput struct {
 23526  	_ struct{} `type:"structure"`
 23527  
 23528  	// The unique identifier (ID) of the member account that you want to remove
 23529  	// from the organization.
 23530  	//
 23531  	// The regex pattern (http://wikipedia.org/wiki/regex) for an account ID string
 23532  	// requires exactly 12 digits.
 23533  	//
 23534  	// AccountId is a required field
 23535  	AccountId *string `type:"string" required:"true"`
 23536  }
 23537  
 23538  // String returns the string representation.
 23539  //
 23540  // API parameter values that are decorated as "sensitive" in the API will not
 23541  // be included in the string output. The member name will be present, but the
 23542  // value will be replaced with "sensitive".
 23543  func (s RemoveAccountFromOrganizationInput) String() string {
 23544  	return awsutil.Prettify(s)
 23545  }
 23546  
 23547  // GoString returns the string representation.
 23548  //
 23549  // API parameter values that are decorated as "sensitive" in the API will not
 23550  // be included in the string output. The member name will be present, but the
 23551  // value will be replaced with "sensitive".
 23552  func (s RemoveAccountFromOrganizationInput) GoString() string {
 23553  	return s.String()
 23554  }
 23555  
 23556  // Validate inspects the fields of the type to determine if they are valid.
 23557  func (s *RemoveAccountFromOrganizationInput) Validate() error {
 23558  	invalidParams := request.ErrInvalidParams{Context: "RemoveAccountFromOrganizationInput"}
 23559  	if s.AccountId == nil {
 23560  		invalidParams.Add(request.NewErrParamRequired("AccountId"))
 23561  	}
 23562  
 23563  	if invalidParams.Len() > 0 {
 23564  		return invalidParams
 23565  	}
 23566  	return nil
 23567  }
 23568  
 23569  // SetAccountId sets the AccountId field's value.
 23570  func (s *RemoveAccountFromOrganizationInput) SetAccountId(v string) *RemoveAccountFromOrganizationInput {
 23571  	s.AccountId = &v
 23572  	return s
 23573  }
 23574  
 23575  type RemoveAccountFromOrganizationOutput struct {
 23576  	_ struct{} `type:"structure"`
 23577  }
 23578  
 23579  // String returns the string representation.
 23580  //
 23581  // API parameter values that are decorated as "sensitive" in the API will not
 23582  // be included in the string output. The member name will be present, but the
 23583  // value will be replaced with "sensitive".
 23584  func (s RemoveAccountFromOrganizationOutput) String() string {
 23585  	return awsutil.Prettify(s)
 23586  }
 23587  
 23588  // GoString returns the string representation.
 23589  //
 23590  // API parameter values that are decorated as "sensitive" in the API will not
 23591  // be included in the string output. The member name will be present, but the
 23592  // value will be replaced with "sensitive".
 23593  func (s RemoveAccountFromOrganizationOutput) GoString() string {
 23594  	return s.String()
 23595  }
 23596  
 23597  // Contains details about a root. A root is a top-level parent node in the hierarchy
 23598  // of an organization that can contain organizational units (OUs) and accounts.
 23599  // The root contains every AWS account in the organization.
 23600  type Root struct {
 23601  	_ struct{} `type:"structure"`
 23602  
 23603  	// The Amazon Resource Name (ARN) of the root.
 23604  	//
 23605  	// For more information about ARNs in Organizations, see ARN Formats Supported
 23606  	// by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies)
 23607  	// in the AWS Service Authorization Reference.
 23608  	Arn *string `type:"string"`
 23609  
 23610  	// The unique identifier (ID) for the root.
 23611  	//
 23612  	// The regex pattern (http://wikipedia.org/wiki/regex) for a root ID string
 23613  	// requires "r-" followed by from 4 to 32 lowercase letters or digits.
 23614  	Id *string `type:"string"`
 23615  
 23616  	// The friendly name of the root.
 23617  	//
 23618  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 23619  	// this parameter is a string of any of the characters in the ASCII character
 23620  	// range.
 23621  	Name *string `min:"1" type:"string"`
 23622  
 23623  	// The types of policies that are currently enabled for the root and therefore
 23624  	// can be attached to the root or to its OUs or accounts.
 23625  	//
 23626  	// Even if a policy type is shown as available in the organization, you can
 23627  	// separately enable and disable them at the root level by using EnablePolicyType
 23628  	// and DisablePolicyType. Use DescribeOrganization to see the availability of
 23629  	// the policy types in that organization.
 23630  	PolicyTypes []*PolicyTypeSummary `type:"list"`
 23631  }
 23632  
 23633  // String returns the string representation.
 23634  //
 23635  // API parameter values that are decorated as "sensitive" in the API will not
 23636  // be included in the string output. The member name will be present, but the
 23637  // value will be replaced with "sensitive".
 23638  func (s Root) String() string {
 23639  	return awsutil.Prettify(s)
 23640  }
 23641  
 23642  // GoString returns the string representation.
 23643  //
 23644  // API parameter values that are decorated as "sensitive" in the API will not
 23645  // be included in the string output. The member name will be present, but the
 23646  // value will be replaced with "sensitive".
 23647  func (s Root) GoString() string {
 23648  	return s.String()
 23649  }
 23650  
 23651  // SetArn sets the Arn field's value.
 23652  func (s *Root) SetArn(v string) *Root {
 23653  	s.Arn = &v
 23654  	return s
 23655  }
 23656  
 23657  // SetId sets the Id field's value.
 23658  func (s *Root) SetId(v string) *Root {
 23659  	s.Id = &v
 23660  	return s
 23661  }
 23662  
 23663  // SetName sets the Name field's value.
 23664  func (s *Root) SetName(v string) *Root {
 23665  	s.Name = &v
 23666  	return s
 23667  }
 23668  
 23669  // SetPolicyTypes sets the PolicyTypes field's value.
 23670  func (s *Root) SetPolicyTypes(v []*PolicyTypeSummary) *Root {
 23671  	s.PolicyTypes = v
 23672  	return s
 23673  }
 23674  
 23675  // We can't find a root with the RootId that you specified.
 23676  type RootNotFoundException struct {
 23677  	_            struct{}                  `type:"structure"`
 23678  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 23679  
 23680  	Message_ *string `locationName:"Message" type:"string"`
 23681  }
 23682  
 23683  // String returns the string representation.
 23684  //
 23685  // API parameter values that are decorated as "sensitive" in the API will not
 23686  // be included in the string output. The member name will be present, but the
 23687  // value will be replaced with "sensitive".
 23688  func (s RootNotFoundException) String() string {
 23689  	return awsutil.Prettify(s)
 23690  }
 23691  
 23692  // GoString returns the string representation.
 23693  //
 23694  // API parameter values that are decorated as "sensitive" in the API will not
 23695  // be included in the string output. The member name will be present, but the
 23696  // value will be replaced with "sensitive".
 23697  func (s RootNotFoundException) GoString() string {
 23698  	return s.String()
 23699  }
 23700  
 23701  func newErrorRootNotFoundException(v protocol.ResponseMetadata) error {
 23702  	return &RootNotFoundException{
 23703  		RespMetadata: v,
 23704  	}
 23705  }
 23706  
 23707  // Code returns the exception type name.
 23708  func (s *RootNotFoundException) Code() string {
 23709  	return "RootNotFoundException"
 23710  }
 23711  
 23712  // Message returns the exception's message.
 23713  func (s *RootNotFoundException) Message() string {
 23714  	if s.Message_ != nil {
 23715  		return *s.Message_
 23716  	}
 23717  	return ""
 23718  }
 23719  
 23720  // OrigErr always returns nil, satisfies awserr.Error interface.
 23721  func (s *RootNotFoundException) OrigErr() error {
 23722  	return nil
 23723  }
 23724  
 23725  func (s *RootNotFoundException) Error() string {
 23726  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 23727  }
 23728  
 23729  // Status code returns the HTTP status code for the request's response error.
 23730  func (s *RootNotFoundException) StatusCode() int {
 23731  	return s.RespMetadata.StatusCode
 23732  }
 23733  
 23734  // RequestID returns the service's response RequestID for request.
 23735  func (s *RootNotFoundException) RequestID() string {
 23736  	return s.RespMetadata.RequestID
 23737  }
 23738  
 23739  // AWS Organizations can't complete your request because of an internal service
 23740  // error. Try again later.
 23741  type ServiceException struct {
 23742  	_            struct{}                  `type:"structure"`
 23743  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 23744  
 23745  	Message_ *string `locationName:"Message" type:"string"`
 23746  }
 23747  
 23748  // String returns the string representation.
 23749  //
 23750  // API parameter values that are decorated as "sensitive" in the API will not
 23751  // be included in the string output. The member name will be present, but the
 23752  // value will be replaced with "sensitive".
 23753  func (s ServiceException) String() string {
 23754  	return awsutil.Prettify(s)
 23755  }
 23756  
 23757  // GoString returns the string representation.
 23758  //
 23759  // API parameter values that are decorated as "sensitive" in the API will not
 23760  // be included in the string output. The member name will be present, but the
 23761  // value will be replaced with "sensitive".
 23762  func (s ServiceException) GoString() string {
 23763  	return s.String()
 23764  }
 23765  
 23766  func newErrorServiceException(v protocol.ResponseMetadata) error {
 23767  	return &ServiceException{
 23768  		RespMetadata: v,
 23769  	}
 23770  }
 23771  
 23772  // Code returns the exception type name.
 23773  func (s *ServiceException) Code() string {
 23774  	return "ServiceException"
 23775  }
 23776  
 23777  // Message returns the exception's message.
 23778  func (s *ServiceException) Message() string {
 23779  	if s.Message_ != nil {
 23780  		return *s.Message_
 23781  	}
 23782  	return ""
 23783  }
 23784  
 23785  // OrigErr always returns nil, satisfies awserr.Error interface.
 23786  func (s *ServiceException) OrigErr() error {
 23787  	return nil
 23788  }
 23789  
 23790  func (s *ServiceException) Error() string {
 23791  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 23792  }
 23793  
 23794  // Status code returns the HTTP status code for the request's response error.
 23795  func (s *ServiceException) StatusCode() int {
 23796  	return s.RespMetadata.StatusCode
 23797  }
 23798  
 23799  // RequestID returns the service's response RequestID for request.
 23800  func (s *ServiceException) RequestID() string {
 23801  	return s.RespMetadata.RequestID
 23802  }
 23803  
 23804  // We can't find a source root or OU with the ParentId that you specified.
 23805  type SourceParentNotFoundException struct {
 23806  	_            struct{}                  `type:"structure"`
 23807  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 23808  
 23809  	Message_ *string `locationName:"Message" type:"string"`
 23810  }
 23811  
 23812  // String returns the string representation.
 23813  //
 23814  // API parameter values that are decorated as "sensitive" in the API will not
 23815  // be included in the string output. The member name will be present, but the
 23816  // value will be replaced with "sensitive".
 23817  func (s SourceParentNotFoundException) String() string {
 23818  	return awsutil.Prettify(s)
 23819  }
 23820  
 23821  // GoString returns the string representation.
 23822  //
 23823  // API parameter values that are decorated as "sensitive" in the API will not
 23824  // be included in the string output. The member name will be present, but the
 23825  // value will be replaced with "sensitive".
 23826  func (s SourceParentNotFoundException) GoString() string {
 23827  	return s.String()
 23828  }
 23829  
 23830  func newErrorSourceParentNotFoundException(v protocol.ResponseMetadata) error {
 23831  	return &SourceParentNotFoundException{
 23832  		RespMetadata: v,
 23833  	}
 23834  }
 23835  
 23836  // Code returns the exception type name.
 23837  func (s *SourceParentNotFoundException) Code() string {
 23838  	return "SourceParentNotFoundException"
 23839  }
 23840  
 23841  // Message returns the exception's message.
 23842  func (s *SourceParentNotFoundException) Message() string {
 23843  	if s.Message_ != nil {
 23844  		return *s.Message_
 23845  	}
 23846  	return ""
 23847  }
 23848  
 23849  // OrigErr always returns nil, satisfies awserr.Error interface.
 23850  func (s *SourceParentNotFoundException) OrigErr() error {
 23851  	return nil
 23852  }
 23853  
 23854  func (s *SourceParentNotFoundException) Error() string {
 23855  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 23856  }
 23857  
 23858  // Status code returns the HTTP status code for the request's response error.
 23859  func (s *SourceParentNotFoundException) StatusCode() int {
 23860  	return s.RespMetadata.StatusCode
 23861  }
 23862  
 23863  // RequestID returns the service's response RequestID for request.
 23864  func (s *SourceParentNotFoundException) RequestID() string {
 23865  	return s.RespMetadata.RequestID
 23866  }
 23867  
 23868  // A custom key-value pair associated with a resource within your organization.
 23869  //
 23870  // You can attach tags to any of the following organization resources.
 23871  //
 23872  //    * AWS account
 23873  //
 23874  //    * Organizational unit (OU)
 23875  //
 23876  //    * Organization root
 23877  //
 23878  //    * Policy
 23879  type Tag struct {
 23880  	_ struct{} `type:"structure"`
 23881  
 23882  	// The key identifier, or name, of the tag.
 23883  	//
 23884  	// Key is a required field
 23885  	Key *string `min:"1" type:"string" required:"true"`
 23886  
 23887  	// The string value that's associated with the key of the tag. You can set the
 23888  	// value of a tag to an empty string, but you can't set the value of a tag to
 23889  	// null.
 23890  	//
 23891  	// Value is a required field
 23892  	Value *string `type:"string" required:"true"`
 23893  }
 23894  
 23895  // String returns the string representation.
 23896  //
 23897  // API parameter values that are decorated as "sensitive" in the API will not
 23898  // be included in the string output. The member name will be present, but the
 23899  // value will be replaced with "sensitive".
 23900  func (s Tag) String() string {
 23901  	return awsutil.Prettify(s)
 23902  }
 23903  
 23904  // GoString returns the string representation.
 23905  //
 23906  // API parameter values that are decorated as "sensitive" in the API will not
 23907  // be included in the string output. The member name will be present, but the
 23908  // value will be replaced with "sensitive".
 23909  func (s Tag) GoString() string {
 23910  	return s.String()
 23911  }
 23912  
 23913  // Validate inspects the fields of the type to determine if they are valid.
 23914  func (s *Tag) Validate() error {
 23915  	invalidParams := request.ErrInvalidParams{Context: "Tag"}
 23916  	if s.Key == nil {
 23917  		invalidParams.Add(request.NewErrParamRequired("Key"))
 23918  	}
 23919  	if s.Key != nil && len(*s.Key) < 1 {
 23920  		invalidParams.Add(request.NewErrParamMinLen("Key", 1))
 23921  	}
 23922  	if s.Value == nil {
 23923  		invalidParams.Add(request.NewErrParamRequired("Value"))
 23924  	}
 23925  
 23926  	if invalidParams.Len() > 0 {
 23927  		return invalidParams
 23928  	}
 23929  	return nil
 23930  }
 23931  
 23932  // SetKey sets the Key field's value.
 23933  func (s *Tag) SetKey(v string) *Tag {
 23934  	s.Key = &v
 23935  	return s
 23936  }
 23937  
 23938  // SetValue sets the Value field's value.
 23939  func (s *Tag) SetValue(v string) *Tag {
 23940  	s.Value = &v
 23941  	return s
 23942  }
 23943  
 23944  type TagResourceInput struct {
 23945  	_ struct{} `type:"structure"`
 23946  
 23947  	// The ID of the resource to add a tag to.
 23948  	//
 23949  	// ResourceId is a required field
 23950  	ResourceId *string `type:"string" required:"true"`
 23951  
 23952  	// A list of tags to add to the specified resource.
 23953  	//
 23954  	// You can specify any of the following taggable resources.
 23955  	//
 23956  	//    * AWS account – specify the account ID number.
 23957  	//
 23958  	//    * Organizational unit – specify the OU ID that begins with ou- and looks
 23959  	//    similar to: ou-1a2b-34uvwxyz
 23960  	//
 23961  	//    * Root – specify the root ID that begins with r- and looks similar to:
 23962  	//    r-1a2b
 23963  	//
 23964  	//    * Policy – specify the policy ID that begins with p- andlooks similar
 23965  	//    to: p-12abcdefg3
 23966  	//
 23967  	// For each tag in the list, you must specify both a tag key and a value. You
 23968  	// can set the value to an empty string, but you can't set it to null.
 23969  	//
 23970  	// If any one of the tags is invalid or if you exceed the allowed number of
 23971  	// tags for an account user, then the entire request fails and the account is
 23972  	// not created.
 23973  	//
 23974  	// Tags is a required field
 23975  	Tags []*Tag `type:"list" required:"true"`
 23976  }
 23977  
 23978  // String returns the string representation.
 23979  //
 23980  // API parameter values that are decorated as "sensitive" in the API will not
 23981  // be included in the string output. The member name will be present, but the
 23982  // value will be replaced with "sensitive".
 23983  func (s TagResourceInput) String() string {
 23984  	return awsutil.Prettify(s)
 23985  }
 23986  
 23987  // GoString returns the string representation.
 23988  //
 23989  // API parameter values that are decorated as "sensitive" in the API will not
 23990  // be included in the string output. The member name will be present, but the
 23991  // value will be replaced with "sensitive".
 23992  func (s TagResourceInput) GoString() string {
 23993  	return s.String()
 23994  }
 23995  
 23996  // Validate inspects the fields of the type to determine if they are valid.
 23997  func (s *TagResourceInput) Validate() error {
 23998  	invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
 23999  	if s.ResourceId == nil {
 24000  		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
 24001  	}
 24002  	if s.Tags == nil {
 24003  		invalidParams.Add(request.NewErrParamRequired("Tags"))
 24004  	}
 24005  	if s.Tags != nil {
 24006  		for i, v := range s.Tags {
 24007  			if v == nil {
 24008  				continue
 24009  			}
 24010  			if err := v.Validate(); err != nil {
 24011  				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
 24012  			}
 24013  		}
 24014  	}
 24015  
 24016  	if invalidParams.Len() > 0 {
 24017  		return invalidParams
 24018  	}
 24019  	return nil
 24020  }
 24021  
 24022  // SetResourceId sets the ResourceId field's value.
 24023  func (s *TagResourceInput) SetResourceId(v string) *TagResourceInput {
 24024  	s.ResourceId = &v
 24025  	return s
 24026  }
 24027  
 24028  // SetTags sets the Tags field's value.
 24029  func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
 24030  	s.Tags = v
 24031  	return s
 24032  }
 24033  
 24034  type TagResourceOutput struct {
 24035  	_ struct{} `type:"structure"`
 24036  }
 24037  
 24038  // String returns the string representation.
 24039  //
 24040  // API parameter values that are decorated as "sensitive" in the API will not
 24041  // be included in the string output. The member name will be present, but the
 24042  // value will be replaced with "sensitive".
 24043  func (s TagResourceOutput) String() string {
 24044  	return awsutil.Prettify(s)
 24045  }
 24046  
 24047  // GoString returns the string representation.
 24048  //
 24049  // API parameter values that are decorated as "sensitive" in the API will not
 24050  // be included in the string output. The member name will be present, but the
 24051  // value will be replaced with "sensitive".
 24052  func (s TagResourceOutput) GoString() string {
 24053  	return s.String()
 24054  }
 24055  
 24056  // We can't find a root, OU, account, or policy with the TargetId that you specified.
 24057  type TargetNotFoundException struct {
 24058  	_            struct{}                  `type:"structure"`
 24059  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 24060  
 24061  	Message_ *string `locationName:"Message" type:"string"`
 24062  }
 24063  
 24064  // String returns the string representation.
 24065  //
 24066  // API parameter values that are decorated as "sensitive" in the API will not
 24067  // be included in the string output. The member name will be present, but the
 24068  // value will be replaced with "sensitive".
 24069  func (s TargetNotFoundException) String() string {
 24070  	return awsutil.Prettify(s)
 24071  }
 24072  
 24073  // GoString returns the string representation.
 24074  //
 24075  // API parameter values that are decorated as "sensitive" in the API will not
 24076  // be included in the string output. The member name will be present, but the
 24077  // value will be replaced with "sensitive".
 24078  func (s TargetNotFoundException) GoString() string {
 24079  	return s.String()
 24080  }
 24081  
 24082  func newErrorTargetNotFoundException(v protocol.ResponseMetadata) error {
 24083  	return &TargetNotFoundException{
 24084  		RespMetadata: v,
 24085  	}
 24086  }
 24087  
 24088  // Code returns the exception type name.
 24089  func (s *TargetNotFoundException) Code() string {
 24090  	return "TargetNotFoundException"
 24091  }
 24092  
 24093  // Message returns the exception's message.
 24094  func (s *TargetNotFoundException) Message() string {
 24095  	if s.Message_ != nil {
 24096  		return *s.Message_
 24097  	}
 24098  	return ""
 24099  }
 24100  
 24101  // OrigErr always returns nil, satisfies awserr.Error interface.
 24102  func (s *TargetNotFoundException) OrigErr() error {
 24103  	return nil
 24104  }
 24105  
 24106  func (s *TargetNotFoundException) Error() string {
 24107  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 24108  }
 24109  
 24110  // Status code returns the HTTP status code for the request's response error.
 24111  func (s *TargetNotFoundException) StatusCode() int {
 24112  	return s.RespMetadata.StatusCode
 24113  }
 24114  
 24115  // RequestID returns the service's response RequestID for request.
 24116  func (s *TargetNotFoundException) RequestID() string {
 24117  	return s.RespMetadata.RequestID
 24118  }
 24119  
 24120  // You have sent too many requests in too short a period of time. The quota
 24121  // helps protect against denial-of-service attacks. Try again later.
 24122  //
 24123  // For information about quotas that affect AWS Organizations, see Quotas for
 24124  // AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_limits.html)in
 24125  // the AWS Organizations User Guide.
 24126  type TooManyRequestsException struct {
 24127  	_            struct{}                  `type:"structure"`
 24128  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 24129  
 24130  	Message_ *string `locationName:"Message" type:"string"`
 24131  
 24132  	Type *string `type:"string"`
 24133  }
 24134  
 24135  // String returns the string representation.
 24136  //
 24137  // API parameter values that are decorated as "sensitive" in the API will not
 24138  // be included in the string output. The member name will be present, but the
 24139  // value will be replaced with "sensitive".
 24140  func (s TooManyRequestsException) String() string {
 24141  	return awsutil.Prettify(s)
 24142  }
 24143  
 24144  // GoString returns the string representation.
 24145  //
 24146  // API parameter values that are decorated as "sensitive" in the API will not
 24147  // be included in the string output. The member name will be present, but the
 24148  // value will be replaced with "sensitive".
 24149  func (s TooManyRequestsException) GoString() string {
 24150  	return s.String()
 24151  }
 24152  
 24153  func newErrorTooManyRequestsException(v protocol.ResponseMetadata) error {
 24154  	return &TooManyRequestsException{
 24155  		RespMetadata: v,
 24156  	}
 24157  }
 24158  
 24159  // Code returns the exception type name.
 24160  func (s *TooManyRequestsException) Code() string {
 24161  	return "TooManyRequestsException"
 24162  }
 24163  
 24164  // Message returns the exception's message.
 24165  func (s *TooManyRequestsException) Message() string {
 24166  	if s.Message_ != nil {
 24167  		return *s.Message_
 24168  	}
 24169  	return ""
 24170  }
 24171  
 24172  // OrigErr always returns nil, satisfies awserr.Error interface.
 24173  func (s *TooManyRequestsException) OrigErr() error {
 24174  	return nil
 24175  }
 24176  
 24177  func (s *TooManyRequestsException) Error() string {
 24178  	return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String())
 24179  }
 24180  
 24181  // Status code returns the HTTP status code for the request's response error.
 24182  func (s *TooManyRequestsException) StatusCode() int {
 24183  	return s.RespMetadata.StatusCode
 24184  }
 24185  
 24186  // RequestID returns the service's response RequestID for request.
 24187  func (s *TooManyRequestsException) RequestID() string {
 24188  	return s.RespMetadata.RequestID
 24189  }
 24190  
 24191  // This action isn't available in the current AWS Region.
 24192  type UnsupportedAPIEndpointException struct {
 24193  	_            struct{}                  `type:"structure"`
 24194  	RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
 24195  
 24196  	Message_ *string `locationName:"Message" type:"string"`
 24197  }
 24198  
 24199  // String returns the string representation.
 24200  //
 24201  // API parameter values that are decorated as "sensitive" in the API will not
 24202  // be included in the string output. The member name will be present, but the
 24203  // value will be replaced with "sensitive".
 24204  func (s UnsupportedAPIEndpointException) String() string {
 24205  	return awsutil.Prettify(s)
 24206  }
 24207  
 24208  // GoString returns the string representation.
 24209  //
 24210  // API parameter values that are decorated as "sensitive" in the API will not
 24211  // be included in the string output. The member name will be present, but the
 24212  // value will be replaced with "sensitive".
 24213  func (s UnsupportedAPIEndpointException) GoString() string {
 24214  	return s.String()
 24215  }
 24216  
 24217  func newErrorUnsupportedAPIEndpointException(v protocol.ResponseMetadata) error {
 24218  	return &UnsupportedAPIEndpointException{
 24219  		RespMetadata: v,
 24220  	}
 24221  }
 24222  
 24223  // Code returns the exception type name.
 24224  func (s *UnsupportedAPIEndpointException) Code() string {
 24225  	return "UnsupportedAPIEndpointException"
 24226  }
 24227  
 24228  // Message returns the exception's message.
 24229  func (s *UnsupportedAPIEndpointException) Message() string {
 24230  	if s.Message_ != nil {
 24231  		return *s.Message_
 24232  	}
 24233  	return ""
 24234  }
 24235  
 24236  // OrigErr always returns nil, satisfies awserr.Error interface.
 24237  func (s *UnsupportedAPIEndpointException) OrigErr() error {
 24238  	return nil
 24239  }
 24240  
 24241  func (s *UnsupportedAPIEndpointException) Error() string {
 24242  	return fmt.Sprintf("%s: %s", s.Code(), s.Message())
 24243  }
 24244  
 24245  // Status code returns the HTTP status code for the request's response error.
 24246  func (s *UnsupportedAPIEndpointException) StatusCode() int {
 24247  	return s.RespMetadata.StatusCode
 24248  }
 24249  
 24250  // RequestID returns the service's response RequestID for request.
 24251  func (s *UnsupportedAPIEndpointException) RequestID() string {
 24252  	return s.RespMetadata.RequestID
 24253  }
 24254  
 24255  type UntagResourceInput struct {
 24256  	_ struct{} `type:"structure"`
 24257  
 24258  	// The ID of the resource to remove a tag from.
 24259  	//
 24260  	// You can specify any of the following taggable resources.
 24261  	//
 24262  	//    * AWS account – specify the account ID number.
 24263  	//
 24264  	//    * Organizational unit – specify the OU ID that begins with ou- and looks
 24265  	//    similar to: ou-1a2b-34uvwxyz
 24266  	//
 24267  	//    * Root – specify the root ID that begins with r- and looks similar to:
 24268  	//    r-1a2b
 24269  	//
 24270  	//    * Policy – specify the policy ID that begins with p- andlooks similar
 24271  	//    to: p-12abcdefg3
 24272  	//
 24273  	// ResourceId is a required field
 24274  	ResourceId *string `type:"string" required:"true"`
 24275  
 24276  	// The list of keys for tags to remove from the specified resource.
 24277  	//
 24278  	// TagKeys is a required field
 24279  	TagKeys []*string `type:"list" required:"true"`
 24280  }
 24281  
 24282  // String returns the string representation.
 24283  //
 24284  // API parameter values that are decorated as "sensitive" in the API will not
 24285  // be included in the string output. The member name will be present, but the
 24286  // value will be replaced with "sensitive".
 24287  func (s UntagResourceInput) String() string {
 24288  	return awsutil.Prettify(s)
 24289  }
 24290  
 24291  // GoString returns the string representation.
 24292  //
 24293  // API parameter values that are decorated as "sensitive" in the API will not
 24294  // be included in the string output. The member name will be present, but the
 24295  // value will be replaced with "sensitive".
 24296  func (s UntagResourceInput) GoString() string {
 24297  	return s.String()
 24298  }
 24299  
 24300  // Validate inspects the fields of the type to determine if they are valid.
 24301  func (s *UntagResourceInput) Validate() error {
 24302  	invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
 24303  	if s.ResourceId == nil {
 24304  		invalidParams.Add(request.NewErrParamRequired("ResourceId"))
 24305  	}
 24306  	if s.TagKeys == nil {
 24307  		invalidParams.Add(request.NewErrParamRequired("TagKeys"))
 24308  	}
 24309  
 24310  	if invalidParams.Len() > 0 {
 24311  		return invalidParams
 24312  	}
 24313  	return nil
 24314  }
 24315  
 24316  // SetResourceId sets the ResourceId field's value.
 24317  func (s *UntagResourceInput) SetResourceId(v string) *UntagResourceInput {
 24318  	s.ResourceId = &v
 24319  	return s
 24320  }
 24321  
 24322  // SetTagKeys sets the TagKeys field's value.
 24323  func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
 24324  	s.TagKeys = v
 24325  	return s
 24326  }
 24327  
 24328  type UntagResourceOutput struct {
 24329  	_ struct{} `type:"structure"`
 24330  }
 24331  
 24332  // String returns the string representation.
 24333  //
 24334  // API parameter values that are decorated as "sensitive" in the API will not
 24335  // be included in the string output. The member name will be present, but the
 24336  // value will be replaced with "sensitive".
 24337  func (s UntagResourceOutput) String() string {
 24338  	return awsutil.Prettify(s)
 24339  }
 24340  
 24341  // GoString returns the string representation.
 24342  //
 24343  // API parameter values that are decorated as "sensitive" in the API will not
 24344  // be included in the string output. The member name will be present, but the
 24345  // value will be replaced with "sensitive".
 24346  func (s UntagResourceOutput) GoString() string {
 24347  	return s.String()
 24348  }
 24349  
 24350  type UpdateOrganizationalUnitInput struct {
 24351  	_ struct{} `type:"structure"`
 24352  
 24353  	// The new name that you want to assign to the OU.
 24354  	//
 24355  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 24356  	// this parameter is a string of any of the characters in the ASCII character
 24357  	// range.
 24358  	Name *string `min:"1" type:"string"`
 24359  
 24360  	// The unique identifier (ID) of the OU that you want to rename. You can get
 24361  	// the ID from the ListOrganizationalUnitsForParent operation.
 24362  	//
 24363  	// The regex pattern (http://wikipedia.org/wiki/regex) for an organizational
 24364  	// unit ID string requires "ou-" followed by from 4 to 32 lowercase letters
 24365  	// or digits (the ID of the root that contains the OU). This string is followed
 24366  	// by a second "-" dash and from 8 to 32 additional lowercase letters or digits.
 24367  	//
 24368  	// OrganizationalUnitId is a required field
 24369  	OrganizationalUnitId *string `type:"string" required:"true"`
 24370  }
 24371  
 24372  // String returns the string representation.
 24373  //
 24374  // API parameter values that are decorated as "sensitive" in the API will not
 24375  // be included in the string output. The member name will be present, but the
 24376  // value will be replaced with "sensitive".
 24377  func (s UpdateOrganizationalUnitInput) String() string {
 24378  	return awsutil.Prettify(s)
 24379  }
 24380  
 24381  // GoString returns the string representation.
 24382  //
 24383  // API parameter values that are decorated as "sensitive" in the API will not
 24384  // be included in the string output. The member name will be present, but the
 24385  // value will be replaced with "sensitive".
 24386  func (s UpdateOrganizationalUnitInput) GoString() string {
 24387  	return s.String()
 24388  }
 24389  
 24390  // Validate inspects the fields of the type to determine if they are valid.
 24391  func (s *UpdateOrganizationalUnitInput) Validate() error {
 24392  	invalidParams := request.ErrInvalidParams{Context: "UpdateOrganizationalUnitInput"}
 24393  	if s.Name != nil && len(*s.Name) < 1 {
 24394  		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
 24395  	}
 24396  	if s.OrganizationalUnitId == nil {
 24397  		invalidParams.Add(request.NewErrParamRequired("OrganizationalUnitId"))
 24398  	}
 24399  
 24400  	if invalidParams.Len() > 0 {
 24401  		return invalidParams
 24402  	}
 24403  	return nil
 24404  }
 24405  
 24406  // SetName sets the Name field's value.
 24407  func (s *UpdateOrganizationalUnitInput) SetName(v string) *UpdateOrganizationalUnitInput {
 24408  	s.Name = &v
 24409  	return s
 24410  }
 24411  
 24412  // SetOrganizationalUnitId sets the OrganizationalUnitId field's value.
 24413  func (s *UpdateOrganizationalUnitInput) SetOrganizationalUnitId(v string) *UpdateOrganizationalUnitInput {
 24414  	s.OrganizationalUnitId = &v
 24415  	return s
 24416  }
 24417  
 24418  type UpdateOrganizationalUnitOutput struct {
 24419  	_ struct{} `type:"structure"`
 24420  
 24421  	// A structure that contains the details about the specified OU, including its
 24422  	// new name.
 24423  	OrganizationalUnit *OrganizationalUnit `type:"structure"`
 24424  }
 24425  
 24426  // String returns the string representation.
 24427  //
 24428  // API parameter values that are decorated as "sensitive" in the API will not
 24429  // be included in the string output. The member name will be present, but the
 24430  // value will be replaced with "sensitive".
 24431  func (s UpdateOrganizationalUnitOutput) String() string {
 24432  	return awsutil.Prettify(s)
 24433  }
 24434  
 24435  // GoString returns the string representation.
 24436  //
 24437  // API parameter values that are decorated as "sensitive" in the API will not
 24438  // be included in the string output. The member name will be present, but the
 24439  // value will be replaced with "sensitive".
 24440  func (s UpdateOrganizationalUnitOutput) GoString() string {
 24441  	return s.String()
 24442  }
 24443  
 24444  // SetOrganizationalUnit sets the OrganizationalUnit field's value.
 24445  func (s *UpdateOrganizationalUnitOutput) SetOrganizationalUnit(v *OrganizationalUnit) *UpdateOrganizationalUnitOutput {
 24446  	s.OrganizationalUnit = v
 24447  	return s
 24448  }
 24449  
 24450  type UpdatePolicyInput struct {
 24451  	_ struct{} `type:"structure"`
 24452  
 24453  	// If provided, the new content for the policy. The text must be correctly formatted
 24454  	// JSON that complies with the syntax for the policy's type. For more information,
 24455  	// see Service Control Policy Syntax (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html)
 24456  	// in the AWS Organizations User Guide.
 24457  	Content *string `min:"1" type:"string"`
 24458  
 24459  	// If provided, the new description for the policy.
 24460  	Description *string `type:"string"`
 24461  
 24462  	// If provided, the new name for the policy.
 24463  	//
 24464  	// The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate
 24465  	// this parameter is a string of any of the characters in the ASCII character
 24466  	// range.
 24467  	Name *string `min:"1" type:"string"`
 24468  
 24469  	// The unique identifier (ID) of the policy that you want to update.
 24470  	//
 24471  	// The regex pattern (http://wikipedia.org/wiki/regex) for a policy ID string
 24472  	// requires "p-" followed by from 8 to 128 lowercase or uppercase letters, digits,
 24473  	// or the underscore character (_).
 24474  	//
 24475  	// PolicyId is a required field
 24476  	PolicyId *string `type:"string" required:"true"`
 24477  }
 24478  
 24479  // String returns the string representation.
 24480  //
 24481  // API parameter values that are decorated as "sensitive" in the API will not
 24482  // be included in the string output. The member name will be present, but the
 24483  // value will be replaced with "sensitive".
 24484  func (s UpdatePolicyInput) String() string {
 24485  	return awsutil.Prettify(s)
 24486  }
 24487  
 24488  // GoString returns the string representation.
 24489  //
 24490  // API parameter values that are decorated as "sensitive" in the API will not
 24491  // be included in the string output. The member name will be present, but the
 24492  // value will be replaced with "sensitive".
 24493  func (s UpdatePolicyInput) GoString() string {
 24494  	return s.String()
 24495  }
 24496  
 24497  // Validate inspects the fields of the type to determine if they are valid.
 24498  func (s *UpdatePolicyInput) Validate() error {
 24499  	invalidParams := request.ErrInvalidParams{Context: "UpdatePolicyInput"}
 24500  	if s.Content != nil && len(*s.Content) < 1 {
 24501  		invalidParams.Add(request.NewErrParamMinLen("Content", 1))
 24502  	}
 24503  	if s.Name != nil && len(*s.Name) < 1 {
 24504  		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
 24505  	}
 24506  	if s.PolicyId == nil {
 24507  		invalidParams.Add(request.NewErrParamRequired("PolicyId"))
 24508  	}
 24509  
 24510  	if invalidParams.Len() > 0 {
 24511  		return invalidParams
 24512  	}
 24513  	return nil
 24514  }
 24515  
 24516  // SetContent sets the Content field's value.
 24517  func (s *UpdatePolicyInput) SetContent(v string) *UpdatePolicyInput {
 24518  	s.Content = &v
 24519  	return s
 24520  }
 24521  
 24522  // SetDescription sets the Description field's value.
 24523  func (s *UpdatePolicyInput) SetDescription(v string) *UpdatePolicyInput {
 24524  	s.Description = &v
 24525  	return s
 24526  }
 24527  
 24528  // SetName sets the Name field's value.
 24529  func (s *UpdatePolicyInput) SetName(v string) *UpdatePolicyInput {
 24530  	s.Name = &v
 24531  	return s
 24532  }
 24533  
 24534  // SetPolicyId sets the PolicyId field's value.
 24535  func (s *UpdatePolicyInput) SetPolicyId(v string) *UpdatePolicyInput {
 24536  	s.PolicyId = &v
 24537  	return s
 24538  }
 24539  
 24540  type UpdatePolicyOutput struct {
 24541  	_ struct{} `type:"structure"`
 24542  
 24543  	// A structure that contains details about the updated policy, showing the requested
 24544  	// changes.
 24545  	Policy *Policy `type:"structure"`
 24546  }
 24547  
 24548  // String returns the string representation.
 24549  //
 24550  // API parameter values that are decorated as "sensitive" in the API will not
 24551  // be included in the string output. The member name will be present, but the
 24552  // value will be replaced with "sensitive".
 24553  func (s UpdatePolicyOutput) String() string {
 24554  	return awsutil.Prettify(s)
 24555  }
 24556  
 24557  // GoString returns the string representation.
 24558  //
 24559  // API parameter values that are decorated as "sensitive" in the API will not
 24560  // be included in the string output. The member name will be present, but the
 24561  // value will be replaced with "sensitive".
 24562  func (s UpdatePolicyOutput) GoString() string {
 24563  	return s.String()
 24564  }
 24565  
 24566  // SetPolicy sets the Policy field's value.
 24567  func (s *UpdatePolicyOutput) SetPolicy(v *Policy) *UpdatePolicyOutput {
 24568  	s.Policy = v
 24569  	return s
 24570  }
 24571  
 24572  const (
 24573  	// AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole is a AccessDeniedForDependencyExceptionReason enum value
 24574  	AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole = "ACCESS_DENIED_DURING_CREATE_SERVICE_LINKED_ROLE"
 24575  )
 24576  
 24577  // AccessDeniedForDependencyExceptionReason_Values returns all elements of the AccessDeniedForDependencyExceptionReason enum
 24578  func AccessDeniedForDependencyExceptionReason_Values() []string {
 24579  	return []string{
 24580  		AccessDeniedForDependencyExceptionReasonAccessDeniedDuringCreateServiceLinkedRole,
 24581  	}
 24582  }
 24583  
 24584  const (
 24585  	// AccountJoinedMethodInvited is a AccountJoinedMethod enum value
 24586  	AccountJoinedMethodInvited = "INVITED"
 24587  
 24588  	// AccountJoinedMethodCreated is a AccountJoinedMethod enum value
 24589  	AccountJoinedMethodCreated = "CREATED"
 24590  )
 24591  
 24592  // AccountJoinedMethod_Values returns all elements of the AccountJoinedMethod enum
 24593  func AccountJoinedMethod_Values() []string {
 24594  	return []string{
 24595  		AccountJoinedMethodInvited,
 24596  		AccountJoinedMethodCreated,
 24597  	}
 24598  }
 24599  
 24600  const (
 24601  	// AccountStatusActive is a AccountStatus enum value
 24602  	AccountStatusActive = "ACTIVE"
 24603  
 24604  	// AccountStatusSuspended is a AccountStatus enum value
 24605  	AccountStatusSuspended = "SUSPENDED"
 24606  )
 24607  
 24608  // AccountStatus_Values returns all elements of the AccountStatus enum
 24609  func AccountStatus_Values() []string {
 24610  	return []string{
 24611  		AccountStatusActive,
 24612  		AccountStatusSuspended,
 24613  	}
 24614  }
 24615  
 24616  const (
 24617  	// ActionTypeInvite is a ActionType enum value
 24618  	ActionTypeInvite = "INVITE"
 24619  
 24620  	// ActionTypeEnableAllFeatures is a ActionType enum value
 24621  	ActionTypeEnableAllFeatures = "ENABLE_ALL_FEATURES"
 24622  
 24623  	// ActionTypeApproveAllFeatures is a ActionType enum value
 24624  	ActionTypeApproveAllFeatures = "APPROVE_ALL_FEATURES"
 24625  
 24626  	// ActionTypeAddOrganizationsServiceLinkedRole is a ActionType enum value
 24627  	ActionTypeAddOrganizationsServiceLinkedRole = "ADD_ORGANIZATIONS_SERVICE_LINKED_ROLE"
 24628  )
 24629  
 24630  // ActionType_Values returns all elements of the ActionType enum
 24631  func ActionType_Values() []string {
 24632  	return []string{
 24633  		ActionTypeInvite,
 24634  		ActionTypeEnableAllFeatures,
 24635  		ActionTypeApproveAllFeatures,
 24636  		ActionTypeAddOrganizationsServiceLinkedRole,
 24637  	}
 24638  }
 24639  
 24640  const (
 24641  	// ChildTypeAccount is a ChildType enum value
 24642  	ChildTypeAccount = "ACCOUNT"
 24643  
 24644  	// ChildTypeOrganizationalUnit is a ChildType enum value
 24645  	ChildTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
 24646  )
 24647  
 24648  // ChildType_Values returns all elements of the ChildType enum
 24649  func ChildType_Values() []string {
 24650  	return []string{
 24651  		ChildTypeAccount,
 24652  		ChildTypeOrganizationalUnit,
 24653  	}
 24654  }
 24655  
 24656  const (
 24657  	// ConstraintViolationExceptionReasonAccountNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
 24658  	ConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
 24659  
 24660  	// ConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a ConstraintViolationExceptionReason enum value
 24661  	ConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
 24662  
 24663  	// ConstraintViolationExceptionReasonOuNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
 24664  	ConstraintViolationExceptionReasonOuNumberLimitExceeded = "OU_NUMBER_LIMIT_EXCEEDED"
 24665  
 24666  	// ConstraintViolationExceptionReasonOuDepthLimitExceeded is a ConstraintViolationExceptionReason enum value
 24667  	ConstraintViolationExceptionReasonOuDepthLimitExceeded = "OU_DEPTH_LIMIT_EXCEEDED"
 24668  
 24669  	// ConstraintViolationExceptionReasonPolicyNumberLimitExceeded is a ConstraintViolationExceptionReason enum value
 24670  	ConstraintViolationExceptionReasonPolicyNumberLimitExceeded = "POLICY_NUMBER_LIMIT_EXCEEDED"
 24671  
 24672  	// ConstraintViolationExceptionReasonPolicyContentLimitExceeded is a ConstraintViolationExceptionReason enum value
 24673  	ConstraintViolationExceptionReasonPolicyContentLimitExceeded = "POLICY_CONTENT_LIMIT_EXCEEDED"
 24674  
 24675  	// ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
 24676  	ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded = "MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
 24677  
 24678  	// ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded is a ConstraintViolationExceptionReason enum value
 24679  	ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded = "MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED"
 24680  
 24681  	// ConstraintViolationExceptionReasonAccountCannotLeaveOrganization is a ConstraintViolationExceptionReason enum value
 24682  	ConstraintViolationExceptionReasonAccountCannotLeaveOrganization = "ACCOUNT_CANNOT_LEAVE_ORGANIZATION"
 24683  
 24684  	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula is a ConstraintViolationExceptionReason enum value
 24685  	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula = "ACCOUNT_CANNOT_LEAVE_WITHOUT_EULA"
 24686  
 24687  	// ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification is a ConstraintViolationExceptionReason enum value
 24688  	ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification = "ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION"
 24689  
 24690  	// ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
 24691  	ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired = "MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
 24692  
 24693  	// ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired is a ConstraintViolationExceptionReason enum value
 24694  	ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired = "MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED"
 24695  
 24696  	// ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded is a ConstraintViolationExceptionReason enum value
 24697  	ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded = "ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED"
 24698  
 24699  	// ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace is a ConstraintViolationExceptionReason enum value
 24700  	ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace = "MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE"
 24701  
 24702  	// ConstraintViolationExceptionReasonMasterAccountMissingContactInfo is a ConstraintViolationExceptionReason enum value
 24703  	ConstraintViolationExceptionReasonMasterAccountMissingContactInfo = "MASTER_ACCOUNT_MISSING_CONTACT_INFO"
 24704  
 24705  	// ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled is a ConstraintViolationExceptionReason enum value
 24706  	ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled = "MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED"
 24707  
 24708  	// ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode is a ConstraintViolationExceptionReason enum value
 24709  	ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode = "ORGANIZATION_NOT_IN_ALL_FEATURES_MODE"
 24710  
 24711  	// ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion is a ConstraintViolationExceptionReason enum value
 24712  	ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion = "CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION"
 24713  
 24714  	// ConstraintViolationExceptionReasonEmailVerificationCodeExpired is a ConstraintViolationExceptionReason enum value
 24715  	ConstraintViolationExceptionReasonEmailVerificationCodeExpired = "EMAIL_VERIFICATION_CODE_EXPIRED"
 24716  
 24717  	// ConstraintViolationExceptionReasonWaitPeriodActive is a ConstraintViolationExceptionReason enum value
 24718  	ConstraintViolationExceptionReasonWaitPeriodActive = "WAIT_PERIOD_ACTIVE"
 24719  
 24720  	// ConstraintViolationExceptionReasonMaxTagLimitExceeded is a ConstraintViolationExceptionReason enum value
 24721  	ConstraintViolationExceptionReasonMaxTagLimitExceeded = "MAX_TAG_LIMIT_EXCEEDED"
 24722  
 24723  	// ConstraintViolationExceptionReasonTagPolicyViolation is a ConstraintViolationExceptionReason enum value
 24724  	ConstraintViolationExceptionReasonTagPolicyViolation = "TAG_POLICY_VIOLATION"
 24725  
 24726  	// ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded is a ConstraintViolationExceptionReason enum value
 24727  	ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded = "MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED"
 24728  
 24729  	// ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator is a ConstraintViolationExceptionReason enum value
 24730  	ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator = "CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR"
 24731  
 24732  	// ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg is a ConstraintViolationExceptionReason enum value
 24733  	ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg = "CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG"
 24734  
 24735  	// ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService is a ConstraintViolationExceptionReason enum value
 24736  	ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService = "DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE"
 24737  
 24738  	// ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense is a ConstraintViolationExceptionReason enum value
 24739  	ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense = "MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE"
 24740  )
 24741  
 24742  // ConstraintViolationExceptionReason_Values returns all elements of the ConstraintViolationExceptionReason enum
 24743  func ConstraintViolationExceptionReason_Values() []string {
 24744  	return []string{
 24745  		ConstraintViolationExceptionReasonAccountNumberLimitExceeded,
 24746  		ConstraintViolationExceptionReasonHandshakeRateLimitExceeded,
 24747  		ConstraintViolationExceptionReasonOuNumberLimitExceeded,
 24748  		ConstraintViolationExceptionReasonOuDepthLimitExceeded,
 24749  		ConstraintViolationExceptionReasonPolicyNumberLimitExceeded,
 24750  		ConstraintViolationExceptionReasonPolicyContentLimitExceeded,
 24751  		ConstraintViolationExceptionReasonMaxPolicyTypeAttachmentLimitExceeded,
 24752  		ConstraintViolationExceptionReasonMinPolicyTypeAttachmentLimitExceeded,
 24753  		ConstraintViolationExceptionReasonAccountCannotLeaveOrganization,
 24754  		ConstraintViolationExceptionReasonAccountCannotLeaveWithoutEula,
 24755  		ConstraintViolationExceptionReasonAccountCannotLeaveWithoutPhoneVerification,
 24756  		ConstraintViolationExceptionReasonMasterAccountPaymentInstrumentRequired,
 24757  		ConstraintViolationExceptionReasonMemberAccountPaymentInstrumentRequired,
 24758  		ConstraintViolationExceptionReasonAccountCreationRateLimitExceeded,
 24759  		ConstraintViolationExceptionReasonMasterAccountAddressDoesNotMatchMarketplace,
 24760  		ConstraintViolationExceptionReasonMasterAccountMissingContactInfo,
 24761  		ConstraintViolationExceptionReasonMasterAccountNotGovcloudEnabled,
 24762  		ConstraintViolationExceptionReasonOrganizationNotInAllFeaturesMode,
 24763  		ConstraintViolationExceptionReasonCreateOrganizationInBillingModeUnsupportedRegion,
 24764  		ConstraintViolationExceptionReasonEmailVerificationCodeExpired,
 24765  		ConstraintViolationExceptionReasonWaitPeriodActive,
 24766  		ConstraintViolationExceptionReasonMaxTagLimitExceeded,
 24767  		ConstraintViolationExceptionReasonTagPolicyViolation,
 24768  		ConstraintViolationExceptionReasonMaxDelegatedAdministratorsForServiceLimitExceeded,
 24769  		ConstraintViolationExceptionReasonCannotRegisterMasterAsDelegatedAdministrator,
 24770  		ConstraintViolationExceptionReasonCannotRemoveDelegatedAdministratorFromOrg,
 24771  		ConstraintViolationExceptionReasonDelegatedAdministratorExistsForThisService,
 24772  		ConstraintViolationExceptionReasonMasterAccountMissingBusinessLicense,
 24773  	}
 24774  }
 24775  
 24776  const (
 24777  	// CreateAccountFailureReasonAccountLimitExceeded is a CreateAccountFailureReason enum value
 24778  	CreateAccountFailureReasonAccountLimitExceeded = "ACCOUNT_LIMIT_EXCEEDED"
 24779  
 24780  	// CreateAccountFailureReasonEmailAlreadyExists is a CreateAccountFailureReason enum value
 24781  	CreateAccountFailureReasonEmailAlreadyExists = "EMAIL_ALREADY_EXISTS"
 24782  
 24783  	// CreateAccountFailureReasonInvalidAddress is a CreateAccountFailureReason enum value
 24784  	CreateAccountFailureReasonInvalidAddress = "INVALID_ADDRESS"
 24785  
 24786  	// CreateAccountFailureReasonInvalidEmail is a CreateAccountFailureReason enum value
 24787  	CreateAccountFailureReasonInvalidEmail = "INVALID_EMAIL"
 24788  
 24789  	// CreateAccountFailureReasonConcurrentAccountModification is a CreateAccountFailureReason enum value
 24790  	CreateAccountFailureReasonConcurrentAccountModification = "CONCURRENT_ACCOUNT_MODIFICATION"
 24791  
 24792  	// CreateAccountFailureReasonInternalFailure is a CreateAccountFailureReason enum value
 24793  	CreateAccountFailureReasonInternalFailure = "INTERNAL_FAILURE"
 24794  
 24795  	// CreateAccountFailureReasonGovcloudAccountAlreadyExists is a CreateAccountFailureReason enum value
 24796  	CreateAccountFailureReasonGovcloudAccountAlreadyExists = "GOVCLOUD_ACCOUNT_ALREADY_EXISTS"
 24797  
 24798  	// CreateAccountFailureReasonMissingBusinessValidation is a CreateAccountFailureReason enum value
 24799  	CreateAccountFailureReasonMissingBusinessValidation = "MISSING_BUSINESS_VALIDATION"
 24800  
 24801  	// CreateAccountFailureReasonFailedBusinessValidation is a CreateAccountFailureReason enum value
 24802  	CreateAccountFailureReasonFailedBusinessValidation = "FAILED_BUSINESS_VALIDATION"
 24803  
 24804  	// CreateAccountFailureReasonPendingBusinessValidation is a CreateAccountFailureReason enum value
 24805  	CreateAccountFailureReasonPendingBusinessValidation = "PENDING_BUSINESS_VALIDATION"
 24806  
 24807  	// CreateAccountFailureReasonInvalidIdentityForBusinessValidation is a CreateAccountFailureReason enum value
 24808  	CreateAccountFailureReasonInvalidIdentityForBusinessValidation = "INVALID_IDENTITY_FOR_BUSINESS_VALIDATION"
 24809  
 24810  	// CreateAccountFailureReasonUnknownBusinessValidation is a CreateAccountFailureReason enum value
 24811  	CreateAccountFailureReasonUnknownBusinessValidation = "UNKNOWN_BUSINESS_VALIDATION"
 24812  
 24813  	// CreateAccountFailureReasonMissingPaymentInstrument is a CreateAccountFailureReason enum value
 24814  	CreateAccountFailureReasonMissingPaymentInstrument = "MISSING_PAYMENT_INSTRUMENT"
 24815  )
 24816  
 24817  // CreateAccountFailureReason_Values returns all elements of the CreateAccountFailureReason enum
 24818  func CreateAccountFailureReason_Values() []string {
 24819  	return []string{
 24820  		CreateAccountFailureReasonAccountLimitExceeded,
 24821  		CreateAccountFailureReasonEmailAlreadyExists,
 24822  		CreateAccountFailureReasonInvalidAddress,
 24823  		CreateAccountFailureReasonInvalidEmail,
 24824  		CreateAccountFailureReasonConcurrentAccountModification,
 24825  		CreateAccountFailureReasonInternalFailure,
 24826  		CreateAccountFailureReasonGovcloudAccountAlreadyExists,
 24827  		CreateAccountFailureReasonMissingBusinessValidation,
 24828  		CreateAccountFailureReasonFailedBusinessValidation,
 24829  		CreateAccountFailureReasonPendingBusinessValidation,
 24830  		CreateAccountFailureReasonInvalidIdentityForBusinessValidation,
 24831  		CreateAccountFailureReasonUnknownBusinessValidation,
 24832  		CreateAccountFailureReasonMissingPaymentInstrument,
 24833  	}
 24834  }
 24835  
 24836  const (
 24837  	// CreateAccountStateInProgress is a CreateAccountState enum value
 24838  	CreateAccountStateInProgress = "IN_PROGRESS"
 24839  
 24840  	// CreateAccountStateSucceeded is a CreateAccountState enum value
 24841  	CreateAccountStateSucceeded = "SUCCEEDED"
 24842  
 24843  	// CreateAccountStateFailed is a CreateAccountState enum value
 24844  	CreateAccountStateFailed = "FAILED"
 24845  )
 24846  
 24847  // CreateAccountState_Values returns all elements of the CreateAccountState enum
 24848  func CreateAccountState_Values() []string {
 24849  	return []string{
 24850  		CreateAccountStateInProgress,
 24851  		CreateAccountStateSucceeded,
 24852  		CreateAccountStateFailed,
 24853  	}
 24854  }
 24855  
 24856  const (
 24857  	// EffectivePolicyTypeTagPolicy is a EffectivePolicyType enum value
 24858  	EffectivePolicyTypeTagPolicy = "TAG_POLICY"
 24859  
 24860  	// EffectivePolicyTypeBackupPolicy is a EffectivePolicyType enum value
 24861  	EffectivePolicyTypeBackupPolicy = "BACKUP_POLICY"
 24862  
 24863  	// EffectivePolicyTypeAiservicesOptOutPolicy is a EffectivePolicyType enum value
 24864  	EffectivePolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
 24865  )
 24866  
 24867  // EffectivePolicyType_Values returns all elements of the EffectivePolicyType enum
 24868  func EffectivePolicyType_Values() []string {
 24869  	return []string{
 24870  		EffectivePolicyTypeTagPolicy,
 24871  		EffectivePolicyTypeBackupPolicy,
 24872  		EffectivePolicyTypeAiservicesOptOutPolicy,
 24873  	}
 24874  }
 24875  
 24876  const (
 24877  	// HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
 24878  	HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded = "ACCOUNT_NUMBER_LIMIT_EXCEEDED"
 24879  
 24880  	// HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
 24881  	HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded = "HANDSHAKE_RATE_LIMIT_EXCEEDED"
 24882  
 24883  	// HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization is a HandshakeConstraintViolationExceptionReason enum value
 24884  	HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization = "ALREADY_IN_AN_ORGANIZATION"
 24885  
 24886  	// HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
 24887  	HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures = "ORGANIZATION_ALREADY_HAS_ALL_FEATURES"
 24888  
 24889  	// HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration is a HandshakeConstraintViolationExceptionReason enum value
 24890  	HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration = "ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION"
 24891  
 24892  	// HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures is a HandshakeConstraintViolationExceptionReason enum value
 24893  	HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures = "INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES"
 24894  
 24895  	// HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired is a HandshakeConstraintViolationExceptionReason enum value
 24896  	HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired = "PAYMENT_INSTRUMENT_REQUIRED"
 24897  
 24898  	// HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord is a HandshakeConstraintViolationExceptionReason enum value
 24899  	HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord = "ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD"
 24900  
 24901  	// HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded is a HandshakeConstraintViolationExceptionReason enum value
 24902  	HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded = "ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED"
 24903  )
 24904  
 24905  // HandshakeConstraintViolationExceptionReason_Values returns all elements of the HandshakeConstraintViolationExceptionReason enum
 24906  func HandshakeConstraintViolationExceptionReason_Values() []string {
 24907  	return []string{
 24908  		HandshakeConstraintViolationExceptionReasonAccountNumberLimitExceeded,
 24909  		HandshakeConstraintViolationExceptionReasonHandshakeRateLimitExceeded,
 24910  		HandshakeConstraintViolationExceptionReasonAlreadyInAnOrganization,
 24911  		HandshakeConstraintViolationExceptionReasonOrganizationAlreadyHasAllFeatures,
 24912  		HandshakeConstraintViolationExceptionReasonOrganizationIsAlreadyPendingAllFeaturesMigration,
 24913  		HandshakeConstraintViolationExceptionReasonInviteDisabledDuringEnableAllFeatures,
 24914  		HandshakeConstraintViolationExceptionReasonPaymentInstrumentRequired,
 24915  		HandshakeConstraintViolationExceptionReasonOrganizationFromDifferentSellerOfRecord,
 24916  		HandshakeConstraintViolationExceptionReasonOrganizationMembershipChangeRateLimitExceeded,
 24917  	}
 24918  }
 24919  
 24920  const (
 24921  	// HandshakePartyTypeAccount is a HandshakePartyType enum value
 24922  	HandshakePartyTypeAccount = "ACCOUNT"
 24923  
 24924  	// HandshakePartyTypeOrganization is a HandshakePartyType enum value
 24925  	HandshakePartyTypeOrganization = "ORGANIZATION"
 24926  
 24927  	// HandshakePartyTypeEmail is a HandshakePartyType enum value
 24928  	HandshakePartyTypeEmail = "EMAIL"
 24929  )
 24930  
 24931  // HandshakePartyType_Values returns all elements of the HandshakePartyType enum
 24932  func HandshakePartyType_Values() []string {
 24933  	return []string{
 24934  		HandshakePartyTypeAccount,
 24935  		HandshakePartyTypeOrganization,
 24936  		HandshakePartyTypeEmail,
 24937  	}
 24938  }
 24939  
 24940  const (
 24941  	// HandshakeResourceTypeAccount is a HandshakeResourceType enum value
 24942  	HandshakeResourceTypeAccount = "ACCOUNT"
 24943  
 24944  	// HandshakeResourceTypeOrganization is a HandshakeResourceType enum value
 24945  	HandshakeResourceTypeOrganization = "ORGANIZATION"
 24946  
 24947  	// HandshakeResourceTypeOrganizationFeatureSet is a HandshakeResourceType enum value
 24948  	HandshakeResourceTypeOrganizationFeatureSet = "ORGANIZATION_FEATURE_SET"
 24949  
 24950  	// HandshakeResourceTypeEmail is a HandshakeResourceType enum value
 24951  	HandshakeResourceTypeEmail = "EMAIL"
 24952  
 24953  	// HandshakeResourceTypeMasterEmail is a HandshakeResourceType enum value
 24954  	HandshakeResourceTypeMasterEmail = "MASTER_EMAIL"
 24955  
 24956  	// HandshakeResourceTypeMasterName is a HandshakeResourceType enum value
 24957  	HandshakeResourceTypeMasterName = "MASTER_NAME"
 24958  
 24959  	// HandshakeResourceTypeNotes is a HandshakeResourceType enum value
 24960  	HandshakeResourceTypeNotes = "NOTES"
 24961  
 24962  	// HandshakeResourceTypeParentHandshake is a HandshakeResourceType enum value
 24963  	HandshakeResourceTypeParentHandshake = "PARENT_HANDSHAKE"
 24964  )
 24965  
 24966  // HandshakeResourceType_Values returns all elements of the HandshakeResourceType enum
 24967  func HandshakeResourceType_Values() []string {
 24968  	return []string{
 24969  		HandshakeResourceTypeAccount,
 24970  		HandshakeResourceTypeOrganization,
 24971  		HandshakeResourceTypeOrganizationFeatureSet,
 24972  		HandshakeResourceTypeEmail,
 24973  		HandshakeResourceTypeMasterEmail,
 24974  		HandshakeResourceTypeMasterName,
 24975  		HandshakeResourceTypeNotes,
 24976  		HandshakeResourceTypeParentHandshake,
 24977  	}
 24978  }
 24979  
 24980  const (
 24981  	// HandshakeStateRequested is a HandshakeState enum value
 24982  	HandshakeStateRequested = "REQUESTED"
 24983  
 24984  	// HandshakeStateOpen is a HandshakeState enum value
 24985  	HandshakeStateOpen = "OPEN"
 24986  
 24987  	// HandshakeStateCanceled is a HandshakeState enum value
 24988  	HandshakeStateCanceled = "CANCELED"
 24989  
 24990  	// HandshakeStateAccepted is a HandshakeState enum value
 24991  	HandshakeStateAccepted = "ACCEPTED"
 24992  
 24993  	// HandshakeStateDeclined is a HandshakeState enum value
 24994  	HandshakeStateDeclined = "DECLINED"
 24995  
 24996  	// HandshakeStateExpired is a HandshakeState enum value
 24997  	HandshakeStateExpired = "EXPIRED"
 24998  )
 24999  
 25000  // HandshakeState_Values returns all elements of the HandshakeState enum
 25001  func HandshakeState_Values() []string {
 25002  	return []string{
 25003  		HandshakeStateRequested,
 25004  		HandshakeStateOpen,
 25005  		HandshakeStateCanceled,
 25006  		HandshakeStateAccepted,
 25007  		HandshakeStateDeclined,
 25008  		HandshakeStateExpired,
 25009  	}
 25010  }
 25011  
 25012  const (
 25013  	// IAMUserAccessToBillingAllow is a IAMUserAccessToBilling enum value
 25014  	IAMUserAccessToBillingAllow = "ALLOW"
 25015  
 25016  	// IAMUserAccessToBillingDeny is a IAMUserAccessToBilling enum value
 25017  	IAMUserAccessToBillingDeny = "DENY"
 25018  )
 25019  
 25020  // IAMUserAccessToBilling_Values returns all elements of the IAMUserAccessToBilling enum
 25021  func IAMUserAccessToBilling_Values() []string {
 25022  	return []string{
 25023  		IAMUserAccessToBillingAllow,
 25024  		IAMUserAccessToBillingDeny,
 25025  	}
 25026  }
 25027  
 25028  const (
 25029  	// InvalidInputExceptionReasonInvalidPartyTypeTarget is a InvalidInputExceptionReason enum value
 25030  	InvalidInputExceptionReasonInvalidPartyTypeTarget = "INVALID_PARTY_TYPE_TARGET"
 25031  
 25032  	// InvalidInputExceptionReasonInvalidSyntaxOrganizationArn is a InvalidInputExceptionReason enum value
 25033  	InvalidInputExceptionReasonInvalidSyntaxOrganizationArn = "INVALID_SYNTAX_ORGANIZATION_ARN"
 25034  
 25035  	// InvalidInputExceptionReasonInvalidSyntaxPolicyId is a InvalidInputExceptionReason enum value
 25036  	InvalidInputExceptionReasonInvalidSyntaxPolicyId = "INVALID_SYNTAX_POLICY_ID"
 25037  
 25038  	// InvalidInputExceptionReasonInvalidEnum is a InvalidInputExceptionReason enum value
 25039  	InvalidInputExceptionReasonInvalidEnum = "INVALID_ENUM"
 25040  
 25041  	// InvalidInputExceptionReasonInvalidEnumPolicyType is a InvalidInputExceptionReason enum value
 25042  	InvalidInputExceptionReasonInvalidEnumPolicyType = "INVALID_ENUM_POLICY_TYPE"
 25043  
 25044  	// InvalidInputExceptionReasonInvalidListMember is a InvalidInputExceptionReason enum value
 25045  	InvalidInputExceptionReasonInvalidListMember = "INVALID_LIST_MEMBER"
 25046  
 25047  	// InvalidInputExceptionReasonMaxLengthExceeded is a InvalidInputExceptionReason enum value
 25048  	InvalidInputExceptionReasonMaxLengthExceeded = "MAX_LENGTH_EXCEEDED"
 25049  
 25050  	// InvalidInputExceptionReasonMaxValueExceeded is a InvalidInputExceptionReason enum value
 25051  	InvalidInputExceptionReasonMaxValueExceeded = "MAX_VALUE_EXCEEDED"
 25052  
 25053  	// InvalidInputExceptionReasonMinLengthExceeded is a InvalidInputExceptionReason enum value
 25054  	InvalidInputExceptionReasonMinLengthExceeded = "MIN_LENGTH_EXCEEDED"
 25055  
 25056  	// InvalidInputExceptionReasonMinValueExceeded is a InvalidInputExceptionReason enum value
 25057  	InvalidInputExceptionReasonMinValueExceeded = "MIN_VALUE_EXCEEDED"
 25058  
 25059  	// InvalidInputExceptionReasonImmutablePolicy is a InvalidInputExceptionReason enum value
 25060  	InvalidInputExceptionReasonImmutablePolicy = "IMMUTABLE_POLICY"
 25061  
 25062  	// InvalidInputExceptionReasonInvalidPattern is a InvalidInputExceptionReason enum value
 25063  	InvalidInputExceptionReasonInvalidPattern = "INVALID_PATTERN"
 25064  
 25065  	// InvalidInputExceptionReasonInvalidPatternTargetId is a InvalidInputExceptionReason enum value
 25066  	InvalidInputExceptionReasonInvalidPatternTargetId = "INVALID_PATTERN_TARGET_ID"
 25067  
 25068  	// InvalidInputExceptionReasonInputRequired is a InvalidInputExceptionReason enum value
 25069  	InvalidInputExceptionReasonInputRequired = "INPUT_REQUIRED"
 25070  
 25071  	// InvalidInputExceptionReasonInvalidNextToken is a InvalidInputExceptionReason enum value
 25072  	InvalidInputExceptionReasonInvalidNextToken = "INVALID_NEXT_TOKEN"
 25073  
 25074  	// InvalidInputExceptionReasonMaxLimitExceededFilter is a InvalidInputExceptionReason enum value
 25075  	InvalidInputExceptionReasonMaxLimitExceededFilter = "MAX_LIMIT_EXCEEDED_FILTER"
 25076  
 25077  	// InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots is a InvalidInputExceptionReason enum value
 25078  	InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots = "MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS"
 25079  
 25080  	// InvalidInputExceptionReasonInvalidFullNameTarget is a InvalidInputExceptionReason enum value
 25081  	InvalidInputExceptionReasonInvalidFullNameTarget = "INVALID_FULL_NAME_TARGET"
 25082  
 25083  	// InvalidInputExceptionReasonUnrecognizedServicePrincipal is a InvalidInputExceptionReason enum value
 25084  	InvalidInputExceptionReasonUnrecognizedServicePrincipal = "UNRECOGNIZED_SERVICE_PRINCIPAL"
 25085  
 25086  	// InvalidInputExceptionReasonInvalidRoleName is a InvalidInputExceptionReason enum value
 25087  	InvalidInputExceptionReasonInvalidRoleName = "INVALID_ROLE_NAME"
 25088  
 25089  	// InvalidInputExceptionReasonInvalidSystemTagsParameter is a InvalidInputExceptionReason enum value
 25090  	InvalidInputExceptionReasonInvalidSystemTagsParameter = "INVALID_SYSTEM_TAGS_PARAMETER"
 25091  
 25092  	// InvalidInputExceptionReasonDuplicateTagKey is a InvalidInputExceptionReason enum value
 25093  	InvalidInputExceptionReasonDuplicateTagKey = "DUPLICATE_TAG_KEY"
 25094  
 25095  	// InvalidInputExceptionReasonTargetNotSupported is a InvalidInputExceptionReason enum value
 25096  	InvalidInputExceptionReasonTargetNotSupported = "TARGET_NOT_SUPPORTED"
 25097  
 25098  	// InvalidInputExceptionReasonInvalidEmailAddressTarget is a InvalidInputExceptionReason enum value
 25099  	InvalidInputExceptionReasonInvalidEmailAddressTarget = "INVALID_EMAIL_ADDRESS_TARGET"
 25100  )
 25101  
 25102  // InvalidInputExceptionReason_Values returns all elements of the InvalidInputExceptionReason enum
 25103  func InvalidInputExceptionReason_Values() []string {
 25104  	return []string{
 25105  		InvalidInputExceptionReasonInvalidPartyTypeTarget,
 25106  		InvalidInputExceptionReasonInvalidSyntaxOrganizationArn,
 25107  		InvalidInputExceptionReasonInvalidSyntaxPolicyId,
 25108  		InvalidInputExceptionReasonInvalidEnum,
 25109  		InvalidInputExceptionReasonInvalidEnumPolicyType,
 25110  		InvalidInputExceptionReasonInvalidListMember,
 25111  		InvalidInputExceptionReasonMaxLengthExceeded,
 25112  		InvalidInputExceptionReasonMaxValueExceeded,
 25113  		InvalidInputExceptionReasonMinLengthExceeded,
 25114  		InvalidInputExceptionReasonMinValueExceeded,
 25115  		InvalidInputExceptionReasonImmutablePolicy,
 25116  		InvalidInputExceptionReasonInvalidPattern,
 25117  		InvalidInputExceptionReasonInvalidPatternTargetId,
 25118  		InvalidInputExceptionReasonInputRequired,
 25119  		InvalidInputExceptionReasonInvalidNextToken,
 25120  		InvalidInputExceptionReasonMaxLimitExceededFilter,
 25121  		InvalidInputExceptionReasonMovingAccountBetweenDifferentRoots,
 25122  		InvalidInputExceptionReasonInvalidFullNameTarget,
 25123  		InvalidInputExceptionReasonUnrecognizedServicePrincipal,
 25124  		InvalidInputExceptionReasonInvalidRoleName,
 25125  		InvalidInputExceptionReasonInvalidSystemTagsParameter,
 25126  		InvalidInputExceptionReasonDuplicateTagKey,
 25127  		InvalidInputExceptionReasonTargetNotSupported,
 25128  		InvalidInputExceptionReasonInvalidEmailAddressTarget,
 25129  	}
 25130  }
 25131  
 25132  const (
 25133  	// OrganizationFeatureSetAll is a OrganizationFeatureSet enum value
 25134  	OrganizationFeatureSetAll = "ALL"
 25135  
 25136  	// OrganizationFeatureSetConsolidatedBilling is a OrganizationFeatureSet enum value
 25137  	OrganizationFeatureSetConsolidatedBilling = "CONSOLIDATED_BILLING"
 25138  )
 25139  
 25140  // OrganizationFeatureSet_Values returns all elements of the OrganizationFeatureSet enum
 25141  func OrganizationFeatureSet_Values() []string {
 25142  	return []string{
 25143  		OrganizationFeatureSetAll,
 25144  		OrganizationFeatureSetConsolidatedBilling,
 25145  	}
 25146  }
 25147  
 25148  const (
 25149  	// ParentTypeRoot is a ParentType enum value
 25150  	ParentTypeRoot = "ROOT"
 25151  
 25152  	// ParentTypeOrganizationalUnit is a ParentType enum value
 25153  	ParentTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
 25154  )
 25155  
 25156  // ParentType_Values returns all elements of the ParentType enum
 25157  func ParentType_Values() []string {
 25158  	return []string{
 25159  		ParentTypeRoot,
 25160  		ParentTypeOrganizationalUnit,
 25161  	}
 25162  }
 25163  
 25164  const (
 25165  	// PolicyTypeServiceControlPolicy is a PolicyType enum value
 25166  	PolicyTypeServiceControlPolicy = "SERVICE_CONTROL_POLICY"
 25167  
 25168  	// PolicyTypeTagPolicy is a PolicyType enum value
 25169  	PolicyTypeTagPolicy = "TAG_POLICY"
 25170  
 25171  	// PolicyTypeBackupPolicy is a PolicyType enum value
 25172  	PolicyTypeBackupPolicy = "BACKUP_POLICY"
 25173  
 25174  	// PolicyTypeAiservicesOptOutPolicy is a PolicyType enum value
 25175  	PolicyTypeAiservicesOptOutPolicy = "AISERVICES_OPT_OUT_POLICY"
 25176  )
 25177  
 25178  // PolicyType_Values returns all elements of the PolicyType enum
 25179  func PolicyType_Values() []string {
 25180  	return []string{
 25181  		PolicyTypeServiceControlPolicy,
 25182  		PolicyTypeTagPolicy,
 25183  		PolicyTypeBackupPolicy,
 25184  		PolicyTypeAiservicesOptOutPolicy,
 25185  	}
 25186  }
 25187  
 25188  const (
 25189  	// PolicyTypeStatusEnabled is a PolicyTypeStatus enum value
 25190  	PolicyTypeStatusEnabled = "ENABLED"
 25191  
 25192  	// PolicyTypeStatusPendingEnable is a PolicyTypeStatus enum value
 25193  	PolicyTypeStatusPendingEnable = "PENDING_ENABLE"
 25194  
 25195  	// PolicyTypeStatusPendingDisable is a PolicyTypeStatus enum value
 25196  	PolicyTypeStatusPendingDisable = "PENDING_DISABLE"
 25197  )
 25198  
 25199  // PolicyTypeStatus_Values returns all elements of the PolicyTypeStatus enum
 25200  func PolicyTypeStatus_Values() []string {
 25201  	return []string{
 25202  		PolicyTypeStatusEnabled,
 25203  		PolicyTypeStatusPendingEnable,
 25204  		PolicyTypeStatusPendingDisable,
 25205  	}
 25206  }
 25207  
 25208  const (
 25209  	// TargetTypeAccount is a TargetType enum value
 25210  	TargetTypeAccount = "ACCOUNT"
 25211  
 25212  	// TargetTypeOrganizationalUnit is a TargetType enum value
 25213  	TargetTypeOrganizationalUnit = "ORGANIZATIONAL_UNIT"
 25214  
 25215  	// TargetTypeRoot is a TargetType enum value
 25216  	TargetTypeRoot = "ROOT"
 25217  )
 25218  
 25219  // TargetType_Values returns all elements of the TargetType enum
 25220  func TargetType_Values() []string {
 25221  	return []string{
 25222  		TargetTypeAccount,
 25223  		TargetTypeOrganizationalUnit,
 25224  		TargetTypeRoot,
 25225  	}
 25226  }